Windows Analysis Report
zbROZPjAQ7.exe

Overview

General Information

Sample name: zbROZPjAQ7.exe (renamed because original name is a hash value)
Original sample name: c46e9c80b0394baf6ef362d3f3c4827c07836f509bffcc27862d7feff3962054.exe
Analysis ID: 1590650
MD5: 0af48295a8f30ce6929b60c0d57b267c
SHA1: 5c1e864dadbc0b435ed53fdb737b17b28b9f07ff
SHA256: c46e9c80b0394baf6ef362d3f3c4827c07836f509bffcc27862d7feff3962054
Tags: bot7135076584, exe, user-JAMESWT_MHT

Detection

Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Sigma detected: Potential Data Stealing Via Chromium Headless Debugging
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sigma detected: Browser Execution In Headless Mode
Sigma detected: Browser Started with Remote Debugging
Suricata IDS alerts with low severity for network traffic

Classification

  • System is w10x64
  • zbROZPjAQ7.exe (PID: 4416 cmdline: "C:\Users\user\Desktop\zbROZPjAQ7.exe" MD5: 0AF48295A8F30CE6929B60C0D57B267C)
    • chrome.exe (PID: 6504 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9492 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 6768 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1612 --field-trial-handle=1488,i,14311009380432291782,1194724055867513184,262144 --disable-features=PaintHolding /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • msedge.exe (PID: 6172 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9553 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000 MD5: 69222B8101B0601CC6663F8381E7E00F)
      • msedge.exe (PID: 6524 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=372 --field-trial-handle=1404,i,1325028692104923150,16817396278777672498,262144 --disable-features=PaintHolding /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\netstandard.dll | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.dll | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Net.dll | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |

        System Summary

        Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9492 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000, CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9492 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000, CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\zbROZPjAQ7.exe", ParentImage: C:\Users\user\Desktop\zbROZPjAQ7.exe, ParentProcessId: 4416, ParentProcessName: zbROZPjAQ7.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9492 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000, ProcessId: 6504, ProcessName: chrome.exe
        Source: Process startedAuthor: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9492 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000, CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9492 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000, CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\zbROZPjAQ7.exe", ParentImage: C:\Users\user\Desktop\zbROZPjAQ7.exe, ParentProcessId: 4416, ParentProcessName: zbROZPjAQ7.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9492 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000, ProcessId: 6504, ProcessName: chrome.exe
        Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
        2025-01-14T12:48:02.949277+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49969 | 104.26.12.205 | 443 | TCP
        2025-01-14T12:48:03.779869+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49975 | 104.26.12.205 | 443 | TCP
        2025-01-14T12:48:04.313339+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49980 | 208.95.112.1 | 80 | TCP
        2025-01-14T12:48:04.911891+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49985 | 104.26.12.205 | 443 | TCP
        2025-01-14T12:48:05.503271+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49987 | 104.26.12.205 | 443 | TCP
        2025-01-14T12:48:05.656959+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49980 | 208.95.112.1 | 80 | TCP

        AV Detection

        Source: zbROZPjAQ7.exe, ReversingLabs: Detection: 26%
        Source: zbROZPjAQ7.exe, Virustotal: Detection: 29%
        Source: Submitted Sample, Integrated Neural Analysis Model: Matched 96.5% probability
        Source: unknown, HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.5:49969 version: TLS 1.2
        Source: zbROZPjAQ7.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Loader\Release\net8.0\System.Runtime.Loader.pdbSHA256i source: System.Runtime.Loader.dll.0.dr
        Source: Binary string: System.Net.NameResolution.ni.pdb source: System.Net.NameResolution.dll.0.dr
        Source: Binary string: /_/artifacts/obj/netstandard/Release/net8.0-windows/netstandard.pdbSHA256%# source: netstandard.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Data.DataSetExtensions/Release/net8.0-windows/System.Data.DataSetExtensions.pdb source: System.Data.DataSetExtensions.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Reflection/Release/net8.0-windows/System.Reflection.pdb source: System.Reflection.dll.0.dr
        Source: Binary string: System.Diagnostics.DiagnosticSource.ni.pdb source: System.Diagnostics.DiagnosticSource.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.AppContext/Release/net8.0-windows/System.AppContext.pdbSHA256 source: System.AppContext.dll.0.dr
        Source: Binary string: E:\A\_work\410\s\bin\obj\Windows_NT.x64.Release\Native\sni\Release\sni.pdb source: sni.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Algorithms/Release/net8.0-windows/System.Security.Cryptography.Algorithms.pdbSHA256 source: System.Security.Cryptography.Algorithms.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Tasks.Parallel\Release\net8.0\System.Threading.Tasks.Parallel.pdb source: System.Threading.Tasks.Parallel.dll.0.dr
        Source: Binary string: System.Text.Encodings.Web.ni.pdb source: System.Text.Encodings.Web.dll.0.dr
        Source: Binary string: Microsoft.CSharp.ni.pdb source: Microsoft.CSharp.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.Compression\Release\net8.0-windows\System.IO.Compression.pdb source: System.IO.Compression.dll.0.dr
        Source: Binary string: System.Diagnostics.TraceSource.ni.pdb source: System.Diagnostics.TraceSource.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Security.AccessControl\Release\net8.0-windows\System.Security.AccessControl.pdb source: System.Security.AccessControl.dll.0.dr
        Source: Binary string: System.Private.Uri.ni.pdb source: System.Private.Uri.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Globalization/Release/net8.0-windows/System.Globalization.pdb source: System.Globalization.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.IO.FileSystem.Primitives/Release/net8.0-windows/System.IO.FileSystem.Primitives.pdb source: System.IO.FileSystem.Primitives.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Serialization.Primitives\Release\net8.0\System.Runtime.Serialization.Primitives.pdb source: System.Runtime.Serialization.Primitives.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Console\Release\net8.0-windows\System.Console.pdb source: System.Console.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\dlls\mscordac\mscordaccore.pdb source: zbROZPjAQ7.exe
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.Win32.Registry\Release\net8.0-windows\Microsoft.Win32.Registry.pdb source: Microsoft.Win32.Registry.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.ServiceProcess.ServiceController/Release/net8.0-windows/System.ServiceProcess.ServiceController.pdb source: System.ServiceProcess.ServiceController.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.DiagnosticSource\Release\net8.0\System.Diagnostics.DiagnosticSource.pdb source: System.Diagnostics.DiagnosticSource.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Threading.Tasks/Release/net8.0-windows/System.Threading.Tasks.pdb source: System.Threading.Tasks.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Diagnostics.EventLog/Release/net8.0-windows/System.Diagnostics.EventLog.pdbSHA256 source: System.Diagnostics.EventLog.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Primitives\Release\net8.0\System.Reflection.Primitives.pdb source: System.Reflection.Primitives.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Algorithms/Release/net8.0-windows/System.Security.Cryptography.Algorithms.pdb source: System.Security.Cryptography.Algorithms.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Encoding.Extensions\Release\net8.0\System.Text.Encoding.Extensions.pdbSHA2560 source: System.Text.Encoding.Extensions.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Encoding.CodePages\Release\net8.0-windows\System.Text.Encoding.CodePages.pdb source: System.Text.Encoding.CodePages.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Primitives/Release/net8.0-windows/System.Security.Cryptography.Primitives.pdb source: System.Security.Cryptography.Primitives.dll.0.dr
        Source: Binary string: System.IO.Compression.ni.pdb source: System.IO.Compression.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.Contracts\Release\net8.0\System.Diagnostics.Contracts.pdb source: System.Diagnostics.Contracts.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.AppContext/Release/net8.0-windows/System.AppContext.pdb source: System.AppContext.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.SecureString/Release/net8.0-windows/System.Security.SecureString.pdbSHA256NX source: System.Security.SecureString.dll.0.dr
        Source: Binary string: System.Net.Requests.ni.pdb source: System.Net.Requests.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Encoding/Release/net8.0-windows/System.Security.Cryptography.Encoding.pdbSHA256#5 source: System.Security.Cryptography.Encoding.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Drawing.Common/netcoreapp3.0-Windows_NT-Release/System.Drawing.Common.pdbSHA256 source: System.Drawing.Common.dll.0.dr
        Source: Binary string: System.Text.Encoding.CodePages.ni.pdb source: System.Text.Encoding.CodePages.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\Corehost.Static\singlefilehost.pdb source: zbROZPjAQ7.exe
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Encodings.Web\Release\net8.0\System.Text.Encodings.Web.pdb source: System.Text.Encodings.Web.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Xml.XmlDocument/Release/net8.0-windows/System.Xml.XmlDocument.pdb source: System.Xml.XmlDocument.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Emit.ILGeneration\Release\net8.0\System.Reflection.Emit.ILGeneration.pdbSHA256 source: System.Reflection.Emit.ILGeneration.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.ComponentModel.Primitives\Release\net8.0\System.ComponentModel.Primitives.pdb source: System.ComponentModel.Primitives.dll.0.dr
        Source: Binary string: System.Security.AccessControl.ni.pdb source: System.Security.AccessControl.dll.0.dr
        Source: Binary string: System.IO.FileSystem.Watcher.ni.pdb source: System.IO.FileSystem.Watcher.dll.0.dr
        Source: Binary string: /_/artifacts/obj/Microsoft.Win32.SystemEvents/netcoreapp3.0-Windows_NT-Release/Microsoft.Win32.SystemEvents.pdbSHA256 source: Microsoft.Win32.SystemEvents.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Configuration/Release/net8.0-windows/System.Configuration.pdbSHA256 source: System.Configuration.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Buffers/Release/net8.0-windows/System.Buffers.pdb source: System.Buffers.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Threading.Tasks.Extensions/Release/net8.0-windows/System.Threading.Tasks.Extensions.pdbSHA256% source: System.Threading.Tasks.Extensions.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Runtime.Serialization/Release/net8.0-windows/System.Runtime.Serialization.pdbSHA256 source: System.Runtime.Serialization.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Mail\Release\net8.0-windows\System.Net.Mail.pdbSHA256S source: System.Net.Mail.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Encoding.Extensions\Release\net8.0\System.Text.Encoding.Extensions.pdb source: System.Text.Encoding.Extensions.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.Win32.Primitives\Release\net8.0\Microsoft.Win32.Primitives.pdbSHA256%B source: Microsoft.Win32.Primitives.dll.0.dr

        Networking

        Source: Yara match; File source: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\netstandard.dll, type: DROPPED
        Source: Yara match; File source: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.dll, type: DROPPED
        Source: Yara match; File source: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Net.dll, type: DROPPED
        Source: global traffic; HTTP traffic detected: GET / HTTP/1.1 Host: api.ipify.org
        Source: global traffic; HTTP traffic detected: GET /json/8.46.123.189 HTTP/1.1 Host: ip-api.com
        Source: Joe Sandbox View; IP Address: 208.95.112.1
        Source: Joe Sandbox View; IP Address: 104.26.12.205
        Source: Joe Sandbox View; JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
        Source: Network traffic; Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49980 -> 208.95.112.1:80
        Source: Network traffic; Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49985 -> 104.26.12.205:443
        Source: Network traffic; Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49969 -> 104.26.12.205:443
        Source: Network traffic; Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49987 -> 104.26.12.205:443
        Source: Network traffic; Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49975 -> 104.26.12.205:443
        Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: global traffic; DNS traffic detected: DNS query: api.ipify.org
        Source: global traffic; DNS traffic detected: DNS query: ip-api.com
        Source: zbROZPjAQ7.exe; String found in binary or memory: http://.css
        Source: zbROZPjAQ7.exe; String found in binary or memory: http://.jpg
        Source: chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4937
        Source: chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5007
        Source: chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608551265.0000252800290000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5055
        Source: chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608551265.0000252800290000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5061
        Source: chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5281
        Source: chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5371
        Source: chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5375
        Source: chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5421
        Source: chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5430
        Source: chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5535
        Source: chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5658
        Source: chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5750
        Source: chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608551265.0000252800290000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5881
        Source: chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5901
        Source: chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608551265.0000252800290000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906
        Source: chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906a
        Source: chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6041
        Source: chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6048
        Source: chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608551265.0000252800290000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6141
        Source: chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6248
        Source: chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6439
        Source: chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6651
        Source: chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6692
        Source: chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755
        Source: chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6860
        Source: chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876
        Source: chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608551265.0000252800290000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878
        Source: chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6929
        Source: chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6929eup.
        Source: chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6953
        Source: chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
        Source: chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
        Source: chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
        Source: chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
        Source: chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
        Source: chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370eup.
        Source: chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
        Source: chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608551265.0000252800290000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
        Source: System.Data.SQLite.EF6.dll.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
        Source: System.Data.SQLite.EF6.dll.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
        Source: System.Data.SQLite.EF6.dll.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
        Source: System.Data.SQLite.EF6.dll.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
        Source: System.Data.SQLite.EF6.dll.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
        Source: System.Data.SQLite.EF6.dll.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
        Source: System.Data.SQLite.EF6.dll.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
        Source: System.Data.SQLite.EF6.dll.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
        Source: System.Data.SQLite.EF6.dll.0.dr String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
        Source: zbROZPjAQ7.exe String found in binary or memory: http://html4/loose.dtd
        Source: msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://issuetracker.google.com/200067929
        Source: System.Data.SQLite.EF6.dll.0.dr String found in binary or memory: http://ocsp.digicert.com0
        Source: System.Data.SQLite.EF6.dll.0.dr String found in binary or memory: http://ocsp.digicert.com0A
        Source: System.Data.SQLite.EF6.dll.0.dr String found in binary or memory: http://ocsp.digicert.com0C
        Source: System.Data.SQLite.EF6.dll.0.dr String found in binary or memory: http://ocsp.digicert.com0X
        Source: msedge.exe, 00000006.00000002.2607272758.0000252800068000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.chambersign.org1
        Source: System.Data.SQLite.EF6.dll.0.dr String found in binary or memory: http://www.digicert.com/CPS0
        Source: System.ServiceProcess.ServiceController.dll.0.dr, System.Reflection.Metadata.dll.0.dr, System.Diagnostics.EventLog.dll.0.dr String found in binary or memory: https://aka.ms/binaryformatter
        Source: zbROZPjAQ7.exe String found in binary or memory: https://aka.ms/dotnet-core-applaunch?
        Source: System.Net.Security.dll.0.dr, System.IO.Compression.dll.0.dr String found in binary or memory: https://aka.ms/dotnet-warnings/
        Source: zbROZPjAQ7.exe String found in binary or memory: https://aka.ms/dotnet/app-launch-failed
        Source: zbROZPjAQ7.exe String found in binary or memory: https://aka.ms/dotnet/download
        Source: zbROZPjAQ7.exe String found in binary or memory: https://aka.ms/dotnet/download%s%sInstall
        Source: zbROZPjAQ7.exe String found in binary or memory: https://aka.ms/dotnet/info
        Source: zbROZPjAQ7.exe String found in binary or memory: https://aka.ms/dotnet/sdk-not-foundProbing
        Source: System.ServiceProcess.ServiceController.dll.0.dr, System.Reflection.Metadata.dll.0.dr, System.Diagnostics.EventLog.dll.0.dr String found in binary or memory: https://aka.ms/serializationformat-binary-obsolete
        Source: chrome.exe, 00000002.00000003.2143910906.00001A64002E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2144028121.00001A64002EC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/cr/report
        Source: System.Xml.XmlSerializer.dll.0.dr, System.Reflection.Emit.Lightweight.dll.0.dr, System.Buffers.dll.0.dr, System.Runtime.Serialization.dll.0.dr, System.Reflection.TypeExtensions.dll.0.dr, System.Dynamic.Runtime.dll.0.dr, System.ComponentModel.Primitives.dll.0.dr, System.Diagnostics.Tracing.dll.0.dr, System.Threading.Tasks.Parallel.dll.0.dr, System.Diagnostics.TextWriterTraceListener.dll.0.dr, System.Text.Encodings.Web.dll.0.dr, System.IO.Compression.ZipFile.dll.0.dr, System.Runtime.Serialization.Primitives.dll.0.dr, System.Runtime.InteropServices.RuntimeInformation.dll.0.dr, System.Runtime.InteropServices.dll.0.dr, System.Security.Cryptography.ProtectedData.dll.0.dr, System.Configuration.dll.0.dr, System.Security.Cryptography.Algorithms.dll.0.dr, System.Resources.ResourceManager.dll.0.dr, System.Threading.dll.0.dr, System.ServiceProcess.ServiceController.dll.0.dr String found in binary or memory: https://github.com/dotnet/runtime
        Source: System.Resources.ResourceManager.dll.0.dr String found in binary or memory: https://github.com/dotnet/runtime=
        Source: System.Security.Cryptography.Encoding.dll.0.dr String found in binary or memory: https://github.com/dotnet/runtimeA
        Source: System.AppContext.dll.0.dr String found in binary or memory: https://github.com/dotnet/runtimeGk
        Source: System.ValueTuple.dll.0.dr String found in binary or memory: https://github.com/dotnet/runtimeMY
        Source: System.Security.SecureString.dll.0.dr String found in binary or memory: https://github.com/dotnet/runtimed
        Source: System.Transactions.dll.0.dr String found in binary or memory: https://github.com/dotnet/runtimen;
        Source: System.Globalization.dll.0.dr String found in binary or memory: https://github.com/dotnet/runtimeo
        Source: System.Buffers.dll.0.dr, System.Security.Cryptography.Algorithms.dll.0.dr String found in binary or memory: https://github.com/dotnet/runtimet
        Source: Microsoft.CSharp.dll.0.dr String found in binary or memory: https://github.com/mono/linker/issues/1416.
        Source: Microsoft.CSharp.dll.0.dr String found in binary or memory: https://github.com/mono/linker/issues/1906.
        Source: System.Data.SQLite.EF6.dll.0.drString found in binary or memory: https://system.data.sqlite.org/
        Source: msedge.exe, 00000006.00000002.2607479716.00002528000DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.catcert.net/verarrel
        Source: System.Data.SQLite.EF6.dll.0.drString found in binary or memory: https://www.sqlite.org/lang_aggfunc.html
        Source: System.Data.SQLite.EF6.dll.0.drString found in binary or memory: https://www.sqlite.org/lang_corefunc.html
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49975
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49985
        Source: unknownNetwork traffic detected: HTTP traffic on port 49969 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49975 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49985 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49987 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49969
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49987
        Source: unknownHTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.5:49969 version: TLS 1.2
        Source: zbROZPjAQ7.exeStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
        Source: System.Text.Encodings.Web.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Collections.Immutable.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Security.Principal.Windows.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Diagnostics.FileVersionInfo.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Diagnostics.DiagnosticSource.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Text.Encoding.CodePages.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.IO.Compression.Brotli.dll.0.drStatic PE information: No import functions for PE file found
        Source: Microsoft.CSharp.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Console.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Collections.Concurrent.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Diagnostics.TraceSource.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.IO.Pipes.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Threading.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Diagnostics.TextWriterTraceListener.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.IO.FileSystem.AccessControl.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Security.AccessControl.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Text.Json.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.IO.MemoryMappedFiles.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Collections.Specialized.dll.0.drStatic PE information: No import functions for PE file found
        Source: zbROZPjAQ7.exe, 00000000.00000000.2046509498.00007FF6811D8000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamemscordaccore.dll@ vs zbROZPjAQ7.exe
        Source: zbROZPjAQ7.exe, 00000000.00000000.2046509498.00007FF6811D8000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameoke.dll@ vs zbROZPjAQ7.exe
        Source: zbROZPjAQ7.exe | Binary or memory string: OriginalFilenamemscordaccore.dll@ vs zbROZPjAQ7.exe
        Source: zbROZPjAQ7.exe | Binary or memory string: OriginalFilenameoke.dll@ vs zbROZPjAQ7.exe
        Source: classification engine | Classification label: mal72.troj.spyw.winEXE@13/198@2/3
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe | File created: C:\Users\Public\Documents\638724340326124129
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe | Mutant created: NULL
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe | File created: C:\Users\user\AppData\Local\Temp\.net
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: zbROZPjAQ7.exe | ReversingLabs: Detection: 26%
        Source: zbROZPjAQ7.exe | Virustotal: Detection: 29%
        Source: zbROZPjAQ7.exe | String found in binary or memory: overflow:hidden;img src="http://addEventListenerresponsible for s.js"></script>
        Source: zbROZPjAQ7.exe | String found in binary or memory: Morph - Structs/AddrExp
        Source: zbROZPjAQ7.exe | String found in binary or memory: https://aka.ms/dotnet/app-launch-failed
        Source: unknown | Process created: C:\Users\user\Desktop\zbROZPjAQ7.exe "C:\Users\user\Desktop\zbROZPjAQ7.exe"
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9492 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1612 --field-trial-handle=1488,i,14311009380432291782,1194724055867513184,262144 --disable-features=PaintHolding /prefetch:8
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9553 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=372 --field-trial-handle=1404,i,1325028692104923150,16817396278777672498,262144 --disable-features=PaintHolding /prefetch:3
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
        Source: zbROZPjAQ7.exe | Static PE information: Virtual size of .text is bigger than: 0x100000
        Source: zbROZPjAQ7.exe | Static PE information: Image base 0x140000000 > 0x60000000
        Source: zbROZPjAQ7.exe | Static file information: File size 39885660 > 1048576
        Source: zbROZPjAQ7.exe | Static PE information: Raw size of .text is bigger than: 0x100000 < 0x61a800
        Source: zbROZPjAQ7.exe | Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x17c600
        Source: zbROZPjAQ7.exe | Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x14b800
        Source: zbROZPjAQ7.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
        Source: zbROZPjAQ7.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
        Source: zbROZPjAQ7.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
        Source: zbROZPjAQ7.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
        Source: zbROZPjAQ7.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
        Source: zbROZPjAQ7.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
        Source: zbROZPjAQ7.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.Pipes.AccessControl\Release\net8.0-windows\System.IO.Pipes.AccessControl.pdb source: System.IO.Pipes.AccessControl.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Json\Release\net8.0\System.Text.Json.pdb source: System.Text.Json.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Runtime.InteropServices.RuntimeInformation/Release/net8.0-windows/System.Runtime.InteropServices.RuntimeInformation.pdb source: System.Runtime.InteropServices.RuntimeInformation.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.Compression.ZipFile\Release\net8.0-windows\System.IO.Compression.ZipFile.pdb source: System.IO.Compression.ZipFile.dll.0.dr
        Source: Binary string: Microsoft.Win32.Registry.ni.pdb source: Microsoft.Win32.Registry.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.TypeExtensions\Release\net8.0\System.Reflection.TypeExtensions.pdb source: System.Reflection.TypeExtensions.dll.0.dr
        Source: Binary string: /_/artifacts/obj/mscorlib/Release/net8.0-windows/mscorlib.pdb source: mscorlib.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System/Release/net8.0-windows/System.pdbSHA2568^ source: System.dll.0.dr
        Source: Binary string: System.Runtime.InteropServices.JavaScript.ni.pdb source: System.Runtime.InteropServices.JavaScript.dll.0.dr
        Source: Binary string: System.Reflection.Metadata.ni.pdb source: System.Reflection.Metadata.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.IO.Compression.FileSystem/Release/net8.0-windows/System.IO.Compression.FileSystem.pdb source: System.IO.Compression.FileSystem.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Overlapped\Release\net8.0\System.Threading.Overlapped.pdbSHA256t source: System.Threading.Overlapped.dll.0.dr
        Source: Binary string: /_/artifacts/obj/EntityFramework.SqlServer/Release/netstandard2.1/EntityFramework.SqlServer.pdb source: EntityFramework.SqlServer.dll.0.dr
        Source: Binary string: System.IO.Compression.Brotli.ni.pdb source: System.IO.Compression.Brotli.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Reflection.Extensions/Release/net8.0-windows/System.Reflection.Extensions.pdbSHA256> source: System.Reflection.Extensions.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.NameResolution\Release\net8.0-windows\System.Net.NameResolution.pdb source: System.Net.NameResolution.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Primitives/Release/net8.0-windows/System.Security.Cryptography.Primitives.pdbSHA256 source: System.Security.Cryptography.Primitives.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XDocument\Release\net8.0\System.Xml.XDocument.pdb source: System.Xml.XDocument.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Xml.XmlDocument/Release/net8.0-windows/System.Xml.XmlDocument.pdbSHA256 source: System.Xml.XmlDocument.dll.0.dr
        Source: Binary string: System.Text.Json.ni.pdb source: System.Text.Json.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.Tracing\Release\net8.0\System.Diagnostics.Tracing.pdb source: System.Diagnostics.Tracing.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.ProtectedData/Release/net8.0/System.Security.Cryptography.ProtectedData.pdbSHA256 source: System.Security.Cryptography.ProtectedData.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.ValueTuple/Release/net8.0-windows/System.ValueTuple.pdbSHA256[ source: System.ValueTuple.dll.0.dr
        Source: Binary string: System.Diagnostics.TextWriterTraceListener.ni.pdb source: System.Diagnostics.TextWriterTraceListener.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Diagnostics.Tools/Release/net8.0-windows/System.Diagnostics.Tools.pdb source: System.Diagnostics.Tools.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Reflection/Release/net8.0-windows/System.Reflection.pdbSHA256r source: System.Reflection.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Threading.Tasks.Extensions/Release/net8.0-windows/System.Threading.Tasks.Extensions.pdb source: System.Threading.Tasks.Extensions.dll.0.dr
        Source: Binary string: /_/artifacts/obj/mscorlib/Release/net8.0-windows/mscorlib.pdbSHA256) source: mscorlib.dll.0.dr
        Source: Binary string: System.Net.WebSockets.Client.ni.pdb source: System.Net.WebSockets.Client.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.ReaderWriter\Release\net8.0\System.Xml.ReaderWriter.pdb source: System.Xml.ReaderWriter.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Tasks.Parallel\Release\net8.0\System.Threading.Tasks.Parallel.pdbSHA256 source: System.Threading.Tasks.Parallel.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Emit.ILGeneration\Release\net8.0\System.Reflection.Emit.ILGeneration.pdb source: System.Reflection.Emit.ILGeneration.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Threading.Tasks/Release/net8.0-windows/System.Threading.Tasks.pdbSHA256 source: System.Threading.Tasks.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.CodeDom/Release/net8.0/System.CodeDom.pdbSHA256 source: System.CodeDom.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.CSharp\Release\net8.0-windows\Microsoft.CSharp.pdb source: Microsoft.CSharp.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.WebSockets\Release\net8.0-windows\System.Net.WebSockets.pdb source: System.Net.WebSockets.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Thread\Release\net8.0\System.Threading.Thread.pdbSHA256 source: System.Threading.Thread.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Data/Release/net8.0-windows/System.Data.pdb source: System.Data.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.ObjectModel\Release\net8.0\System.ObjectModel.pdb source: System.ObjectModel.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.TraceSource\Release\net8.0\System.Diagnostics.TraceSource.pdb source: System.Diagnostics.TraceSource.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Globalization/Release/net8.0-windows/System.Globalization.pdbSHA256 source: System.Globalization.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Data.DataSetExtensions/Release/net8.0-windows/System.Data.DataSetExtensions.pdbSHA256X source: System.Data.DataSetExtensions.dll.0.dr
        Source: Binary string: /_/artifacts/obj/netstandard/Release/net8.0-windows/netstandard.pdb source: netstandard.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System/Release/net8.0-windows/System.pdb source: System.dll.0.dr
        Source: Binary string: System.Collections.Immutable.ni.pdb source: System.Collections.Immutable.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.MemoryMappedFiles\Release\net8.0-windows\System.IO.MemoryMappedFiles.pdbSHA2562R4c source: System.IO.MemoryMappedFiles.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Loader\Release\net8.0\System.Runtime.Loader.pdbSHA256i source: System.Runtime.Loader.dll.0.dr
        Source: Binary string: System.Net.NameResolution.ni.pdb source: System.Net.NameResolution.dll.0.dr
        Source: Binary string: /_/artifacts/obj/netstandard/Release/net8.0-windows/netstandard.pdbSHA256%# source: netstandard.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Data.DataSetExtensions/Release/net8.0-windows/System.Data.DataSetExtensions.pdb source: System.Data.DataSetExtensions.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Reflection/Release/net8.0-windows/System.Reflection.pdb source: System.Reflection.dll.0.dr
        Source: Binary string: System.Diagnostics.DiagnosticSource.ni.pdb source: System.Diagnostics.DiagnosticSource.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.AppContext/Release/net8.0-windows/System.AppContext.pdbSHA256 source: System.AppContext.dll.0.dr
        Source: Binary string: E:\A\_work\410\s\bin\obj\Windows_NT.x64.Release\Native\sni\Release\sni.pdb source: sni.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Algorithms/Release/net8.0-windows/System.Security.Cryptography.Algorithms.pdbSHA256 source: System.Security.Cryptography.Algorithms.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Tasks.Parallel\Release\net8.0\System.Threading.Tasks.Parallel.pdb source: System.Threading.Tasks.Parallel.dll.0.dr
        Source: Binary string: System.Text.Encodings.Web.ni.pdb source: System.Text.Encodings.Web.dll.0.dr
        Source: Binary string: Microsoft.CSharp.ni.pdb source: Microsoft.CSharp.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.Compression\Release\net8.0-windows\System.IO.Compression.pdb source: System.IO.Compression.dll.0.dr
        Source: Binary string: System.Diagnostics.TraceSource.ni.pdb source: System.Diagnostics.TraceSource.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Security.AccessControl\Release\net8.0-windows\System.Security.AccessControl.pdb source: System.Security.AccessControl.dll.0.dr
        Source: Binary string: System.Private.Uri.ni.pdb source: System.Private.Uri.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Globalization/Release/net8.0-windows/System.Globalization.pdb source: System.Globalization.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.IO.FileSystem.Primitives/Release/net8.0-windows/System.IO.FileSystem.Primitives.pdb source: System.IO.FileSystem.Primitives.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Serialization.Primitives\Release\net8.0\System.Runtime.Serialization.Primitives.pdb source: System.Runtime.Serialization.Primitives.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Console\Release\net8.0-windows\System.Console.pdb source: System.Console.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\dlls\mscordac\mscordaccore.pdb source: zbROZPjAQ7.exe
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.Win32.Registry\Release\net8.0-windows\Microsoft.Win32.Registry.pdb source: Microsoft.Win32.Registry.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.ServiceProcess.ServiceController/Release/net8.0-windows/System.ServiceProcess.ServiceController.pdb source: System.ServiceProcess.ServiceController.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.DiagnosticSource\Release\net8.0\System.Diagnostics.DiagnosticSource.pdb source: System.Diagnostics.DiagnosticSource.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Threading.Tasks/Release/net8.0-windows/System.Threading.Tasks.pdb source: System.Threading.Tasks.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Diagnostics.EventLog/Release/net8.0-windows/System.Diagnostics.EventLog.pdbSHA256 source: System.Diagnostics.EventLog.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Primitives\Release\net8.0\System.Reflection.Primitives.pdb source: System.Reflection.Primitives.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Algorithms/Release/net8.0-windows/System.Security.Cryptography.Algorithms.pdb source: System.Security.Cryptography.Algorithms.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Encoding.Extensions\Release\net8.0\System.Text.Encoding.Extensions.pdbSHA2560 source: System.Text.Encoding.Extensions.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Encoding.CodePages\Release\net8.0-windows\System.Text.Encoding.CodePages.pdb source: System.Text.Encoding.CodePages.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Primitives/Release/net8.0-windows/System.Security.Cryptography.Primitives.pdb source: System.Security.Cryptography.Primitives.dll.0.dr
        Source: Binary string: System.IO.Compression.ni.pdb source: System.IO.Compression.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.Contracts\Release\net8.0\System.Diagnostics.Contracts.pdb source: System.Diagnostics.Contracts.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.AppContext/Release/net8.0-windows/System.AppContext.pdb source: System.AppContext.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.SecureString/Release/net8.0-windows/System.Security.SecureString.pdbSHA256NX source: System.Security.SecureString.dll.0.dr
        Source: Binary string: System.Net.Requests.ni.pdb source: System.Net.Requests.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Encoding/Release/net8.0-windows/System.Security.Cryptography.Encoding.pdbSHA256#5 source: System.Security.Cryptography.Encoding.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Drawing.Common/netcoreapp3.0-Windows_NT-Release/System.Drawing.Common.pdbSHA256 source: System.Drawing.Common.dll.0.dr
        Source: Binary string: System.Text.Encoding.CodePages.ni.pdb source: System.Text.Encoding.CodePages.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\Corehost.Static\singlefilehost.pdb source: zbROZPjAQ7.exe
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Encodings.Web\Release\net8.0\System.Text.Encodings.Web.pdb source: System.Text.Encodings.Web.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Xml.XmlDocument/Release/net8.0-windows/System.Xml.XmlDocument.pdb source: System.Xml.XmlDocument.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Emit.ILGeneration\Release\net8.0\System.Reflection.Emit.ILGeneration.pdbSHA256 source: System.Reflection.Emit.ILGeneration.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.ComponentModel.Primitives\Release\net8.0\System.ComponentModel.Primitives.pdb source: System.ComponentModel.Primitives.dll.0.dr
        Source: Binary string: System.Security.AccessControl.ni.pdb source: System.Security.AccessControl.dll.0.dr
        Source: Binary string: System.IO.FileSystem.Watcher.ni.pdb source: System.IO.FileSystem.Watcher.dll.0.dr
        Source: Binary string: /_/artifacts/obj/Microsoft.Win32.SystemEvents/netcoreapp3.0-Windows_NT-Release/Microsoft.Win32.SystemEvents.pdbSHA256 source: Microsoft.Win32.SystemEvents.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Configuration/Release/net8.0-windows/System.Configuration.pdbSHA256 source: System.Configuration.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Buffers/Release/net8.0-windows/System.Buffers.pdb source: System.Buffers.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Threading.Tasks.Extensions/Release/net8.0-windows/System.Threading.Tasks.Extensions.pdbSHA256% source: System.Threading.Tasks.Extensions.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Runtime.Serialization/Release/net8.0-windows/System.Runtime.Serialization.pdbSHA256 source: System.Runtime.Serialization.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Mail\Release\net8.0-windows\System.Net.Mail.pdbSHA256S source: System.Net.Mail.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Encoding.Extensions\Release\net8.0\System.Text.Encoding.Extensions.pdb source: System.Text.Encoding.Extensions.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.Win32.Primitives\Release\net8.0\Microsoft.Win32.Primitives.pdbSHA256%B source: Microsoft.Win32.Primitives.dll.0.dr
        Source: zbROZPjAQ7.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
        Source: zbROZPjAQ7.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
        Source: zbROZPjAQ7.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
        Source: zbROZPjAQ7.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
        Source: zbROZPjAQ7.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
        Source: System.Runtime.Intrinsics.dll.0.dr Static PE information: 0xE6058D7B [Tue Apr 15 18:46:19 2092 UTC]
        Source: zbROZPjAQ7.exe Static PE information: section name: .CLR_UEF
        Source: zbROZPjAQ7.exe Static PE information: section name: .didat
        Source: zbROZPjAQ7.exe Static PE information: section name: Section
        Source: zbROZPjAQ7.exe Static PE information: section name: _RDATA
        Source: Microsoft.VisualBasic.Core.dll.0.dr Static PE information: section name: .text entropy: 6.80183570521227
        Source: System.Collections.Concurrent.dll.0.dr Static PE information: section name: .text entropy: 6.831761822928079
        Source: System.Text.Encoding.CodePages.dll.0.dr Static PE information: section name: .text entropy: 7.522718183898096
        Source: System.Text.RegularExpressions.dll.0.dr Static PE information: section name: .text entropy: 6.876591681699572
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Reflection.TypeExtensions.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Runtime.InteropServices.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.IO.MemoryMappedFiles.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Text.Encoding.CodePages.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.ServiceProcess.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Runtime.Serialization.Formatters.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Security.Cryptography.OpenSsl.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Text.Json.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Threading.Channels.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.AppContext.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\netstandard.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Configuration.ConfigurationManager.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.ObjectModel.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Diagnostics.TraceSource.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Security.Principal.Windows.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.IO.FileSystem.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Text.Encoding.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Windows.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.IO.IsolatedStorage.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Xml.XmlSerializer.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Net.ServicePoint.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.CodeDom.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Net.Sockets.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.ServiceModel.Web.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Diagnostics.StackTrace.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Xml.XDocument.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Reflection.Emit.ILGeneration.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Threading.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Reflection.Extensions.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Xml.ReaderWriter.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Net.WebClient.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Private.Xml.Linq.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.ComponentModel.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.ComponentModel.DataAnnotations.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\WindowsBase.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Text.RegularExpressions.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.IO.FileSystem.DriveInfo.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Diagnostics.Tracing.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Threading.ThreadPool.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\Newtonsoft.Json.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Net.Ping.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Security.Claims.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Drawing.Common.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.ValueTuple.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Runtime.CompilerServices.Unsafe.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.IO.FileSystem.AccessControl.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Xml.XPath.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Transactions.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Xml.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Data.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Management.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Reflection.DispatchProxy.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Drawing.Primitives.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Console.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Net.Quic.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Threading.Tasks.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.IO.FileSystem.Watcher.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.ComponentModel.Annotations.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Collections.NonGeneric.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Formats.Tar.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Private.Uri.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Diagnostics.Debug.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Security.Principal.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Security.Permissions.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Net.WebSockets.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.IO.UnmanagedMemoryStream.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Reflection.Emit.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.IO.Pipes.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Resources.ResourceManager.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Net.Mail.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Core.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Collections.Immutable.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\mscorlib.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Security.Cryptography.Primitives.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Memory.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Diagnostics.EventLog.Messages.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Net.NetworkInformation.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Threading.Tasks.Extensions.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Runtime.InteropServices.RuntimeInformation.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Collections.Specialized.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Reflection.Emit.Lightweight.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Net.NameResolution.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\EntityFramework.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\Microsoft.VisualBasic.Core.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Security.Cryptography.X509Certificates.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.IO.Compression.ZipFile.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\Microsoft.CSharp.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Linq.Expressions.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\Microsoft.Win32.Registry.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\SQLite.Interop.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Globalization.Extensions.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Data.SQLite.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Net.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.ComponentModel.EventBasedAsync.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Configuration.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Diagnostics.DiagnosticSource.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\Microsoft.Win32.SystemEvents.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.ComponentModel.TypeConverter.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Diagnostics.FileVersionInfo.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Reflection.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Net.WebHeaderCollection.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Security.Cryptography.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Xml.XmlDocument.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.IO.Pipes.AccessControl.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Diagnostics.TextWriterTraceListener.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Web.HttpUtility.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Threading.Thread.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Web.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.ComponentModel.Primitives.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Private.Xml.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\Microsoft.VisualBasic.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Diagnostics.Contracts.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Formats.Asn1.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Net.Http.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Numerics.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Security.Cryptography.Algorithms.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Security.Cryptography.Csp.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Security.Cryptography.ProtectedData.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Runtime.Serialization.Json.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Runtime.Handles.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Net.WebSockets.Client.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Threading.Overlapped.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Xml.Linq.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Security.AccessControl.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Runtime.Numerics.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Dynamic.Runtime.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Linq.Queryable.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Net.HttpListener.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Runtime.Serialization.Primitives.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.IO.Compression.FileSystem.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Runtime.Intrinsics.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Text.Encoding.Extensions.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Globalization.Calendars.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Windows.Extensions.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Threading.Timer.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Runtime.Serialization.Xml.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Security.Cryptography.Cng.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Net.WebProxy.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Diagnostics.Process.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Runtime.Loader.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Net.Primitives.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Diagnostics.Tools.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Diagnostics.EventLog.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Private.CoreLib.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Reflection.Primitives.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Runtime.InteropServices.JavaScript.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Threading.Tasks.Dataflow.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Net.Http.Json.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Text.Encodings.Web.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Linq.Parallel.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Data.DataSetExtensions.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Security.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Net.Requests.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Buffers.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.IO.Compression.Brotli.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Data.SqlClient.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Net.Security.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Runtime.CompilerServices.VisualC.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Collections.Concurrent.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Linq.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Xml.Serialization.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\EntityFramework.SqlServer.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\sni.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Collections.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.ServiceProcess.ServiceController.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Resources.Reader.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Xml.XPath.XDocument.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Globalization.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.IO.Compression.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Transactions.Local.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Data.Common.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Resources.Writer.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Numerics.Vectors.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Data.SQLite.EF6.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\oke.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Drawing.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Reflection.Metadata.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.IO.FileSystem.Primitives.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Security.SecureString.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Runtime.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.IO.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Threading.Tasks.Parallel.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Security.Cryptography.Encoding.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Private.DataContractSerialization.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Runtime.Serialization.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Runtime.Extensions.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeFile created: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\Microsoft.Win32.Primitives.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe Memory allocated: 2805F520000 memory reserve | memory write watch
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe Thread delayed: delay time: 922337203685477
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe Window / User API: threadDelayed 430
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe Window / User API: threadDelayed 711
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe Window / User API: threadDelayed 3678
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Core.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Collections.Immutable.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\mscorlib.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Security.Cryptography.Primitives.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Memory.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Diagnostics.EventLog.Messages.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Net.NetworkInformation.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Threading.Tasks.Extensions.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Runtime.InteropServices.RuntimeInformation.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Collections.Specialized.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Reflection.Emit.Lightweight.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\EntityFramework.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Net.NameResolution.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\Microsoft.VisualBasic.Core.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Security.Cryptography.X509Certificates.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.IO.Compression.ZipFile.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\Microsoft.CSharp.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Linq.Expressions.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\Microsoft.Win32.Registry.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\SQLite.Interop.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Net.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Globalization.Extensions.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Data.SQLite.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.ComponentModel.EventBasedAsync.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Configuration.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\Microsoft.Win32.SystemEvents.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Diagnostics.DiagnosticSource.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.ComponentModel.TypeConverter.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Diagnostics.FileVersionInfo.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Reflection.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Net.WebHeaderCollection.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Security.Cryptography.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Xml.XmlDocument.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.IO.Pipes.AccessControl.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Web.HttpUtility.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Diagnostics.TextWriterTraceListener.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Threading.Thread.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Web.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.ComponentModel.Primitives.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Private.Xml.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\Microsoft.VisualBasic.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Diagnostics.Contracts.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Net.Http.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Formats.Asn1.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Numerics.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Security.Cryptography.Algorithms.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Security.Cryptography.Csp.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Security.Cryptography.ProtectedData.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Runtime.Serialization.Json.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Runtime.Handles.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Net.WebSockets.Client.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Threading.Overlapped.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Xml.Linq.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Security.AccessControl.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Dynamic.Runtime.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Runtime.Numerics.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Linq.Queryable.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Net.HttpListener.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Runtime.Serialization.Primitives.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.IO.Compression.FileSystem.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Runtime.Intrinsics.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Text.Encoding.Extensions.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Windows.Extensions.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Globalization.Calendars.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Runtime.Serialization.Xml.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Threading.Timer.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Security.Cryptography.Cng.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Net.WebProxy.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Diagnostics.Process.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Runtime.Loader.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Net.Primitives.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Diagnostics.Tools.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Diagnostics.EventLog.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Private.CoreLib.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Reflection.Primitives.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Runtime.InteropServices.JavaScript.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Threading.Tasks.Dataflow.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Net.Http.Json.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Text.Encodings.Web.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Linq.Parallel.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Data.DataSetExtensions.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Net.Requests.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Security.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Buffers.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.IO.Compression.Brotli.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Data.SqlClient.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Net.Security.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Runtime.CompilerServices.VisualC.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Collections.Concurrent.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Linq.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Xml.Serialization.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\EntityFramework.SqlServer.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\sni.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Collections.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.ServiceProcess.ServiceController.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Resources.Reader.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Xml.XPath.XDocument.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Transactions.Local.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.IO.Compression.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Globalization.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Resources.Writer.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Data.Common.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Numerics.Vectors.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Data.SQLite.EF6.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Drawing.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\oke.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Reflection.Metadata.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.IO.FileSystem.Primitives.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Security.SecureString.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.IO.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Runtime.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Threading.Tasks.Parallel.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Security.Cryptography.Encoding.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Private.DataContractSerialization.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Runtime.Serialization.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Runtime.Extensions.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\Microsoft.Win32.Primitives.dllJump to dropped file
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe TID: 6156 Thread sleep count: 206 > 30
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe TID: 6156 Thread sleep count: 52 > 30
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe TID: 6300 Thread sleep count: 38 > 30
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe TID: 6580 Thread sleep count: 32 > 30
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe TID: 6580 Thread sleep count: 119 > 30
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe TID: 4564 Thread sleep count: 31 > 30
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe TID: 4564 Thread sleep count: 430 > 30
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe TID: 4564 Thread sleep count: 139 > 30
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe TID: 4564 Thread sleep count: 711 > 30
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe TID: 6156 Thread sleep count: 3678 > 30
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe TID: 1360 Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe Thread delayed: delay time: 922337203685477
        Source: zbROZPjAQ7.exe, 00000000.00000003.2177291195.00000280609E1000.00000004.00000020.00020000.00000000.sdmp, zbROZPjAQ7.exe, 00000000.00000003.2230069999.0000028060B81000.00000004.00000020.00020000.00000000.sdmp, zbROZPjAQ7.exe, 00000000.00000003.2406874192.0000028060BB0000.00000004.00000020.00020000.00000000.sdmp, zbROZPjAQ7.exe, 00000000.00000003.2406562112.0000028060BB0000.00000004.00000020.00020000.00000000.sdmp, zbROZPjAQ7.exe, 00000000.00000003.2231771942.0000028060BB0000.00000004.00000020.00020000.00000000.sdmp, zbROZPjAQ7.exe, 00000000.00000003.2178317619.0000028060AF1000.00000004.00000020.00020000.00000000.sdmp, zbROZPjAQ7.exe, 00000000.00000003.2404637697.0000028060BB0000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2377841064.000001D87528E000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2606655601.000001AB39A2B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe Process information queried: ProcessInformation
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe Process token adjusted: Debug
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe Memory allocated: page read and write | page guard
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9492 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9553 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

        Stealing of Sensitive Information

        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-wal
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe Directory queried: C:\Users\Public\Documents\638724340326124129\Files
        Source: C:\Users\user\Desktop\zbROZPjAQ7.exe Directory queried: C:\Users\Public\Documents\638724340326124129\Files\D

        Remote Access Functionality

        Source: C:\Users\user\Desktop\zbROZPjAQ7.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9492 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000
        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 1 Security Software Discovery | Remote Services | 11 Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
        Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Remote Access Software | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact
        Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
        Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | 3 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
        Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Software Packing | Cached Domain Credentials | 2 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
        DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Timestomp | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
        Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
        Source | Detection | Scanner | Label | Link
        zbROZPjAQ7.exe | 26% | ReversingLabs | Win64.Trojan.Giant |
        zbROZPjAQ7.exe | 29% | Virustotal | | Browse
        Source | Detection | Scanner | Label | Link
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\EntityFramework.SqlServer.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\EntityFramework.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\Microsoft.CSharp.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\Microsoft.VisualBasic.Core.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\Microsoft.VisualBasic.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\Microsoft.Win32.Primitives.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\Microsoft.Win32.Registry.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\Microsoft.Win32.SystemEvents.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\Newtonsoft.Json.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\SQLite.Interop.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.AppContext.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Buffers.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.CodeDom.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Collections.Concurrent.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Collections.Immutable.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Collections.NonGeneric.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Collections.Specialized.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Collections.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.ComponentModel.Annotations.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.ComponentModel.DataAnnotations.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.ComponentModel.EventBasedAsync.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.ComponentModel.Primitives.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.ComponentModel.TypeConverter.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.ComponentModel.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Configuration.ConfigurationManager.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Configuration.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Console.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Core.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Data.Common.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Data.DataSetExtensions.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Data.SQLite.EF6.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Data.SQLite.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Data.SqlClient.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Data.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Diagnostics.Contracts.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Diagnostics.Debug.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Diagnostics.DiagnosticSource.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Diagnostics.EventLog.Messages.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Diagnostics.EventLog.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Diagnostics.FileVersionInfo.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Diagnostics.Process.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Diagnostics.StackTrace.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Diagnostics.TextWriterTraceListener.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Diagnostics.Tools.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Diagnostics.TraceSource.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Diagnostics.Tracing.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Drawing.Common.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Drawing.Primitives.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Drawing.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Dynamic.Runtime.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Formats.Asn1.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Formats.Tar.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Globalization.Calendars.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Globalization.Extensions.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Globalization.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.IO.Compression.Brotli.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.IO.Compression.FileSystem.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.IO.Compression.ZipFile.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.IO.Compression.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.IO.FileSystem.AccessControl.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.IO.FileSystem.DriveInfo.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.IO.FileSystem.Primitives.dll | 0% | ReversingLabs
        No Antivirus matches
        No Antivirus matches
        Source | Detection | Scanner | Label | Link
        http://anglebug.com/6929eup. | 0% | Avira URL Cloud | safe
        http://anglebug.com/3625a | 0% | Avira URL Cloud | safe
        http://anglebug.com/5906a | 0% | Avira URL Cloud | safe
        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        api.ipify.org | 104.26.12.205 | true | false | | high
        ip-api.com | 208.95.112.1 | true | false | | high
        Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                  http://anglebug.com/6876chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://anglebug.com/7724chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://github.com/dotnet/runtimen;System.Transactions.dll.0.drfalse
                                                                                        high
                                                                                        https://issuetracker.google.com/161903006msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://anglebug.com/7172chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://github.com/dotnet/runtimetSystem.Buffers.dll.0.dr, System.Security.Cryptography.Algorithms.dll.0.drfalse
                                                                                              high
                                                                                              https://github.com/dotnet/runtimeoSystem.Globalization.dll.0.drfalse
                                                                                                high
                                                                                                https://anglebug.com/7899chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://anglebug.com/7279chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://anglebug.com/3078chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://anglebug.com/7036chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://anglebug.com/7553chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://anglebug.com/5375chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://anglebug.com/6860chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://www.catcert.net/verarrelmsedge.exe, 00000006.00000002.2607479716.00002528000DC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://anglebug.com/5371chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://aka.ms/dotnet/sdk-not-foundProbingzbROZPjAQ7.exefalse
                                                                                                                    high
                                                                                                                    http://anglebug.com/4722chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://anglebug.com/5658chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://anglebug.com/5535chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://anglebug.com/5906achrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          http://anglebug.com/4324chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://anglebug.com/7556chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608551265.0000252800290000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://github.com/dotnet/runtimeMYSystem.ValueTuple.dll.0.drfalse
                                                                                                                                high
                                                                                                                                https://issuetracker.google.com/187425444msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://aka.ms/dotnet/downloadzbROZPjAQ7.exefalse
                                                                                                                                    high
                                                                                                                                    http://html4/loose.dtdzbROZPjAQ7.exefalse
                                                                                                                                      high
                                                                                                                                      http://anglebug.com/3584chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://github.com/dotnet/runtime=System.Resources.ResourceManager.dll.0.drfalse
                                                                                                                                          high
                                                                                                                                          http://anglebug.com/4551chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608551265.0000252800290000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://anglebug.com/5881chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608551265.0000252800290000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://anglebug.com/6692chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://issuetracker.google.com/258207403msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://issuetracker.google.com/253522366msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://anglebug.com/3502chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://anglebug.com/3623msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://anglebug.com/3625msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://anglebug.com/3624msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://anglebug.com/3586chrome.exe, 00000002.00000002.2381789239.00006120003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2381762013.00006120003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2380603535.000061200000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2607072513.000025280000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388341596.0000252800248000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.2608422263.000025280025C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.2388507015.0000252800248000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
IP | Domain | Country | ASN | ASN Name | Malicious
208.95.112.1 | ip-api.com | United States | 53334 | TUT-ASUS | false
104.26.12.205 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false

IP
127.0.0.1
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1590650
Start date and time: 2025-01-14 12:46:12 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 43s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: zbROZPjAQ7.exe (renamed because original name is a hash value)
Original Sample Name: c46e9c80b0394baf6ef362d3f3c4827c07836f509bffcc27862d7feff3962054.exe
Detection: MAL
Classification: mal72.troj.spyw.winEXE@13/198@2/3
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 52.149.20.212, 13.107.246.45, 184.28.90.27
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                              No simulations
Match | Associated Sample Name / URL | Detection | Threat Name | Context
208.95.112.1 | #U2800.exe | malicious | Unknown | ip-api.com/json/8.46.123.189
208.95.112.1 | rordendecompra_.exe | malicious | AgentTesla | ip-api.com/line/?fields=hosting
208.95.112.1 | findme.exe | malicious | DCRat | ip-api.com/line/?fields=hosting
208.95.112.1 | tasAgNgjbJ.exe | malicious | Unknown | ip-api.com/json/?fields=61439
208.95.112.1 | Solara.exe | malicious | Python Stealer, Exela Stealer, Xmrig | ip-api.com/json
208.95.112.1 | resembleC2.exe | malicious | Blank Grabber, Umbral Stealer | ip-api.com/json/?fields=225545
208.95.112.1 | F0DgoRk0p1.exe | malicious | AgentTesla | ip-api.com/line/?fields=hosting
208.95.112.1 | fpY3HP2cnH.exe | malicious | AgentTesla | ip-api.com/line/?fields=hosting
208.95.112.1 | 4287eV6mBc.exe | malicious | AgentTesla | ip-api.com/line/?fields=hosting
208.95.112.1 | aik1mr9TOq.exe | malicious | Predator | ip-api.com/json/
104.26.12.205 | Yoranis Setup.exe | malicious | Unknown | api.ipify.org/
104.26.12.205 | RtU8kXPnKr.exe | malicious | Quasar | api.ipify.org/
104.26.12.205 | jgbC220X2U.exe | malicious | Unknown | api.ipify.org/?format=text
104.26.12.205 | xKvkNk9SXR.exe | malicious | TrojanRansom | api.ipify.org/
104.26.12.205 | GD8c7ARn8q.exe | malicious | TrojanRansom | api.ipify.org/
104.26.12.205 | 8AbMCL2dxM.exe | malicious | RCRU64, TrojanRansom | api.ipify.org/
104.26.12.205 | Simple2.exe | malicious | Unknown | api.ipify.org/
104.26.12.205 | Ransomware Mallox.exe | malicious | Targeted Ransomware | api.ipify.org/
104.26.12.205 | Yc9hcFC1ux.exe | malicious | Unknown | api.ipify.org/
104.26.12.205 | 6706e721f2c06.exe | malicious | Remcos | api.ipify.org/

Match | Associated Sample Name / URL | Detection | Threat Name | Context
ip-api.com | #U2800.exe | malicious | Unknown | 208.95.112.1
ip-api.com | rordendecompra_.exe | malicious | AgentTesla | 208.95.112.1
ip-api.com | findme.exe | malicious | DCRat | 208.95.112.1
ip-api.com | tasAgNgjbJ.exe | malicious | Unknown | 208.95.112.1
ip-api.com | Solara.exe | malicious | Python Stealer, Exela Stealer, Xmrig | 208.95.112.1
ip-api.com | resembleC2.exe | malicious | Blank Grabber, Umbral Stealer | 208.95.112.1
ip-api.com | F0DgoRk0p1.exe | malicious | AgentTesla | 208.95.112.1
ip-api.com | fpY3HP2cnH.exe | malicious | AgentTesla | 208.95.112.1
ip-api.com | 4287eV6mBc.exe | malicious | AgentTesla | 208.95.112.1
ip-api.com | aik1mr9TOq.exe | malicious | Predator | 208.95.112.1
api.ipify.org | #U2800.exe | malicious | Unknown | 104.26.13.205
api.ipify.org | 009.vbe | malicious | AgentTesla | 104.26.12.205
api.ipify.org | http://bebizicon.com/Campususa/index.xml#?email=b2xpdmllci5kb3phdEBpbm5vY2FwLmNvbQ== | malicious | EvilProxy, HTMLPhisher | 172.67.74.152
api.ipify.org | https://runescape.games/usernames.html | malicious | Unknown | 104.26.13.205
api.ipify.org | rRef6010273.exe | malicious | AgentTesla | 172.67.74.152
api.ipify.org | invnoIL438805.exe | malicious | AgentTesla | 172.67.74.152
api.ipify.org | Shipping Docs Waybill No 2009 xxxx 351.exe | malicious | AgentTesla | 104.26.13.205
api.ipify.org | rCHARTERREQUEST.exe | malicious | AgentTesla | 104.26.12.205
api.ipify.org | http://clumsy-sulky-helium.glitch.me/ | malicious | Unknown | 104.26.12.205
api.ipify.org | gem1.exe | malicious | CredGrabber, Meduza Stealer | 104.26.13.205

Match | Associated Sample Name / URL | Detection | Threat Name | Context
CLOUDFLARENETUS | #U2800.exe | malicious | Unknown | 104.26.13.205
CLOUDFLARENETUS | http://www.pentamx.com/ | malicious | CAPTCHA Scam ClickFix | 1.1.1.1
CLOUDFLARENETUS | PO 2025918 pdf.exe | malicious | FormBook, PureLog Stealer | 188.114.97.3
CLOUDFLARENETUS | ABG Draft.scr.exe | malicious | MassLogger RAT, PureLog Stealer | 104.21.64.1
CLOUDFLARENETUS | RENH3RE2025QUOTE.exe | malicious | MassLogger RAT, PureLog Stealer | 104.21.80.1
CLOUDFLARENETUS | https://web.oncentrl.com/#/index/action?entityType=PUBLISHEDQUESTIONNAIRE&entityId=134955&actionType=PUBLISH&context=CLIENT_MGMT&recieverUserInfoId=68822 | malicious | Unknown | 104.17.25.14
CLOUDFLARENETUS | random.exe | malicious | LummaC | 104.21.96.1
CLOUDFLARENETUS | https://akirapowered84501.emlnk.com/lt.php?x=3DZy~GDLVnab5KCs-Nu4WOae1qEoiN9xvxk1XaPMVXahD5B9-Uy.xuG-142imNH | malicious | Unknown | 104.17.205.31
CLOUDFLARENETUS | https://clients.dedicatedservicesusa.com | malicious | Unknown | 1.1.1.1
CLOUDFLARENETUS | Scanned-IMGS_from NomanGroup IDT.scr.exe | malicious | FormBook | 104.21.3.193
TUT-ASUS | #U2800.exe | malicious | Unknown | 208.95.112.1
TUT-ASUS | rordendecompra_.exe | malicious | AgentTesla | 208.95.112.1
TUT-ASUS | findme.exe | malicious | DCRat | 208.95.112.1
TUT-ASUS | tasAgNgjbJ.exe | malicious | Unknown | 208.95.112.1
TUT-ASUS | Solara.exe | malicious | Python Stealer, Exela Stealer, Xmrig | 208.95.112.1
TUT-ASUS | resembleC2.exe | malicious | Blank Grabber, Umbral Stealer | 208.95.112.1
TUT-ASUS | F0DgoRk0p1.exe | malicious | AgentTesla | 208.95.112.1
TUT-ASUS | fpY3HP2cnH.exe | malicious | AgentTesla | 208.95.112.1
TUT-ASUS | 4287eV6mBc.exe | malicious | AgentTesla | 208.95.112.1
TUT-ASUS | aik1mr9TOq.exe | malicious | Predator | 208.95.112.1

Match | Associated Sample Name / URL | Detection | Threat Name | Context
3b5074b1b5d032e5620f69f9f700ff0e | #U2800.exe | malicious | Unknown | 104.26.12.205
3b5074b1b5d032e5620f69f9f700ff0e | pdf_2025 QUOTATION - #202401146778.pdf (83kb).com.exe | malicious | PureLog Stealer, Quasar | 104.26.12.205
3b5074b1b5d032e5620f69f9f700ff0e | 12.exe | malicious | Unknown | 104.26.12.205
3b5074b1b5d032e5620f69f9f700ff0e | https://cys-bombasml.com | malicious | Unknown | 104.26.12.205
3b5074b1b5d032e5620f69f9f700ff0e | UoEDaAjHGW.exe | malicious | PureLog Stealer, Quasar | 104.26.12.205
3b5074b1b5d032e5620f69f9f700ff0e | 009.vbe | malicious | AgentTesla | 104.26.12.205
3b5074b1b5d032e5620f69f9f700ff0e | RFQ.exe | malicious | Quasar, PureLog Stealer | 104.26.12.205
3b5074b1b5d032e5620f69f9f700ff0e | PI ITS15235.doc | malicious | DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger | 104.26.12.205
3b5074b1b5d032e5620f69f9f700ff0e | https://performancemanager10.successfactors.com/sf/hrisworkflowapprovelink?workflowRequestId=V4-0-a1-iHQRWD3bQis7XhhWNKzjfWwnvURbEsN0CxUc27Zt3ml0ag&company=oceanagoldT2&username=dave.oliver@oceanagold.com | malicious | Unknown |
                                                                                                                                                                                                              • 104.26.12.205
                                                                                                                                                                                                              https://imtcoken.im/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 104.26.12.205
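Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\Microsoft.CSharp.dll | 6kK89mR2aq.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\Microsoft.CSharp.dll | PDF-523.msi | malicious | AteraAgent
C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\Microsoft.CSharp.dll | pkt1.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\Microsoft.CSharp.dll | dr0p.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\Microsoft.CSharp.dll | http://23.27.51.244/dr0p.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\EntityFramework.SqlServer.dll | 6kK89mR2aq.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\EntityFramework.SqlServer.dll | Console.dll.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\EntityFramework.dll | 6kK89mR2aq.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\EntityFramework.dll | Console.dll.exe | malicious | Unknown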
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3:H:H
                                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Reputation:high, very likely benign file
                                                                                                                                                                                                                                Preview:[]
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):40960
                                                                                                                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Reputation:high, very likely benign file
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):751624
                                                                                                                                                                                                                                Entropy (8bit):4.941596949315087
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:5CgixLwQcUHW0tKouM4kD+nRzkSv9N+VYuhras4V:AgixLIUHW0tK7MmkSv9w/tas4
                                                                                                                                                                                                                                MD5:FBF37B8B1EE4640B1C470F2F07A80E4A
                                                                                                                                                                                                                                SHA1:B239C5499FA63D397C3DD35A7F605CE86D91B44B
                                                                                                                                                                                                                                SHA-256:E21DB717F31F9465420E6354BAA5AFAEAA3521DEB885ED46BC90530AEE9FFD20
                                                                                                                                                                                                                                SHA-512:F9439E2D7B63825FE812EE380F1EF8B277D50EED706B6ABE4B8563423891FF425A00083E88626084EE493376F1DA742ECD73B6B5F892E001C4F9048C7D3AC36C
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                Preview:HwCompat V4....1394.inf:..PCI\CC_0C0010..PCI\VEN_10CF&CC_0C0010..PCI\VEN_11C1&CC_0C0010..PCI\VEN_100B&DEV_000F..PCI\VEN_100B&CC_0C0010..PCI\VEN_1033&DEV_0063..PCI\VEN_1033&CC_0C0010..PCI\VEN_1180&CC_0C0010..PCI\VEN_104D&DEV_8039..PCI\VEN_104D&DEV_8039&REV_03..PCI\VEN_104C&DEV_8009..PCI\VEN_104C&DEV_8019..PCI\VEN_104C&CC_0C0010..PCI\VEN_104C&DEV_8009&SUBSYS_8032104D..PCI\VEN_1106&DEV_3044..PCI\VEN_1106&CC_0C0010....3ware.inf:..PCI\VEN_13C1&DEV_1010&SUBSYS_000113C1....55fpgafirmware.inf:..UEFI\RES_{C907D5F6-BBE9-47EE-B76B-5E28C7F9FC63}....55niosfirmware.inf:..UEFI\RES_{06B75ADA-B0E1-46BA-BB3B-4D6E4A0F2CB1}....55smcappfirmware.inf:..UEFI\RES_{364D032C-0041-48A6-A26F-62388D97FC6C}....55smcbootfirmware.inf:..UEFI\RES_{DA50CBA0-8F33-4B66-8A3A-08F84015C33F}....55stguestfirmware.inf:..UEFI\RES_{4E11B2F5-AF26-49D5-A549-72AE52345E22}....55stoutfirmware.inf:..UEFI\RES_{7E2BEABF-4BE5-4C10-AF9C-4C1A69E06033}....55stpcfirmware.inf:..UEFI\RES_{296EFE23-EB18-42EE-8B12-51489B27232A}....55sttouchbackgue
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):105245
                                                                                                                                                                                                                                Entropy (8bit):7.988507155271616
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:qZBYo7zUAvQlAXKqhaz+Z+Qx/qhCbWweL2ZS/MPXbr:qzYo7QlA61z+Z+Q4hCyuQ/Mv
                                                                                                                                                                                                                                MD5:66E57C31EECA7E22FDE5AAE53C43A54E
                                                                                                                                                                                                                                SHA1:EAE45CC40F2F8999419917FD4587B7EEC0D36E25
                                                                                                                                                                                                                                SHA-256:E070D529B20BAB82F0E782B8C7F4FCF89B5AD77A4120EAEC3C9A6F910EDC4068
                                                                                                                                                                                                                                SHA-512:033611008BEE16733823E21A6692FB61F8705029FFAA0CA3A114B2C67F54C4CA7FCB9C153BE1EF5A175ED984AE7A63A094724AAEE836B7E19E02843C63970F63
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):280
                                                                                                                                                                                                                                Entropy (8bit):4.132041621771752
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3:FiWWltlApdeXKeQwFMYLAfJrAazlYBVP/Sh/JzvPWVcRVEVg3WWD5Ltll:o1ApdeaEqYsMazlYBVsJDu2ziy5
                                                                                                                                                                                                                                MD5:A5BB6D3732EFB1F0C13CCB17451A286E
                                                                                                                                                                                                                                SHA1:4A5CC29F1D332F1781A924381E5B7183CF9928F9
                                                                                                                                                                                                                                SHA-256:552D03793D7F59EF539D9DC29F37443BED49893078A93B59EE3F54F8F45F849A
                                                                                                                                                                                                                                SHA-512:2C5EA73A996DAB755F4766611683634DA131735A940CA5628C52BD85E91C59E58E99CFD9B8132C16054007E4AC645937C81893DA063CAA58772B9CB27B421720
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:sdPC......................X..<EE..r/y..."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................fdb35e9f-12f5-40d5-8d50-87a9333d43a4............
                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                Size (bytes):59
                                                                                                                                                                                                                                Entropy (8bit):4.4904571936428965
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3:hzKB2KSuyFtU4iisT3l:0Bt5oRiiy3l
                                                                                                                                                                                                                                MD5:50AFD70B8695AC9931867D38F6417236
                                                                                                                                                                                                                                SHA1:97A0A6B2CDF1DCD2826E99064CB22C39DEA486BD
                                                                                                                                                                                                                                SHA-256:97CD90AE93B308DECE5A93AC1267CFF84160797917FA198A3D606537B2FFA8F9
                                                                                                                                                                                                                                SHA-512:F9586E999344A13E3EE8DE7676391D38B9A88F8C8FE71DBFBB358C6B41F08B0AF0F0D0839F0FADDC7F5222A3D09E58D894CC3992B3A8ABC83317D63F09F3A04E
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:9553./devtools/browser/3024699f-62ba-4f36-a739-a66091df8cc6
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):591440
                                                                                                                                                                                                                                Entropy (8bit):6.06924298598343
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:CTiRnMqz14Oc9CxCTROMKahag9QQB6FHK13z6kuyPQG2puGeqVmjaVmnS4bfu65V:RnMqz14OcksHuAu65V
                                                                                                                                                                                                                                MD5:949A71C816089308551D32BC4BFFEA26
                                                                                                                                                                                                                                SHA1:D53C2BA8ED7571BF5F60759D67CC7CAE1ECBCA00
                                                                                                                                                                                                                                SHA-256:BE2BCDC9C0FF4A2865C8E5296F6A3C87C22411FF268E5EFF30FDCF5F8B2561E2
                                                                                                                                                                                                                                SHA-512:9FAD72A10898AE253CC8EC5F708B0856B649528B9CDD0F6851930264BA7246E41C0E13DDC72A1A4550823E3030E15C9D320412DF80B3A968D1056DB0065AD6C3
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                                                • Filename: 6kK89mR2aq.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                • Filename: Console.dll.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):4977744
                                                                                                                                                                                                                                Entropy (8bit):6.096478054710026
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:49152:+VEvjTmOH5S1w66gqvcWLxPkKOeI2y3BzwNZEnq:WEvjPGw8qPLxPnI6P
                                                                                                                                                                                                                                MD5:6999777A429B6A0EFD83AC3115F531CD
                                                                                                                                                                                                                                SHA1:158644373AA9A2C33032C5C07E430A120D7D3754
                                                                                                                                                                                                                                SHA-256:EADBAC604EFE1EA0272D1285F48E358541978AA1D198EF0420B0E522C793B8B4
                                                                                                                                                                                                                                SHA-512:EE21E3203C063950867B8710407130CA40D9FE5F1C07A2D0754D0673EAC0486B80A4286B3D385E35F78FDAEF089DDAF3391085E3DC4117410D654957D2020591
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                                                • Filename: 6kK89mR2aq.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                • Filename: Console.dll.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):1005840
                                                                                                                                                                                                                                Entropy (8bit):6.7186531276890715
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:24576:06dJq30vVE6z8LpeNY+9whtbShFtHVu9yHesCGDUD3I1i:FQ34VEYKaY++tbiHVu9yHFgrt
                                                                                                                                                                                                                                MD5:9B2A6ABE569D6BFF344CF07D3DF523A3
                                                                                                                                                                                                                                SHA1:2856F7F922F70A44132D02C0723EC2FA91E1FEDB
                                                                                                                                                                                                                                SHA-256:099BC112DC645BC4A1FC453E3B4C1FC93A164BFAF69E84C85C2B6EFAC0F7FAAB
                                                                                                                                                                                                                                SHA-512:B649400460CF236197ED168702707FB7E81FE4AA3D2542EDC07B1D3E1C520C6ECA54F77F7ABDB2DB297AEA0BC82E7A07ABF99A89CB958FEC138CDEE4FDEC5E79
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                                                • Filename: 6kK89mR2aq.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                • Filename: PDF-523.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                • Filename: pkt1.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                • Filename: dr0p.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):1247496
                                                                                                                                                                                                                                Entropy (8bit):6.749340069071408
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:24576:psvPzOPj/l89Sk2f+/eOUCxRepC3/Rk3isQFqULFL:psvPzOP7ymf+/TZq3id
                                                                                                                                                                                                                                MD5:B3D3DA24C19B47259D6C23F753AFBD8A
                                                                                                                                                                                                                                SHA1:923B52256967DCF9AE35406B803304CB97B5510C
                                                                                                                                                                                                                                SHA-256:816DE66126C5EFA65483B583F6A320C284E47FC7030F8CBD7DBED745FEDCD656
                                                                                                                                                                                                                                SHA-512:D959B6AFE6561084757F1E685167BFECCD94D44F41ADF98D8DF8AEED22296DC16C3484EFABF2EBBA7988825BE5772D51E1E179C91C8B52F024EFCDDAC77DFBEA
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):17712
                                                                                                                                                                                                                                Entropy (8bit):6.610099146248559
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:6ku3cV6HxWmH639QdWSdX6HRN72YMTR9zUMq:ruMV/oWDg9za
                                                                                                                                                                                                                                MD5:3B3C142639335F9B615C0DE17BACB2D0
                                                                                                                                                                                                                                SHA1:C599AA74C3D0916D6E0BAF0949C5A6894145C6F2
                                                                                                                                                                                                                                SHA-256:BD36D4FD23D717FE88F2AFEB563EC6034D7FA482278156D99EF3CBF11EC2A5D5
                                                                                                                                                                                                                                SHA-512:87A3D33BE2DD049D906EEA8266FA4EE4694A81E3EE07F8205CACACC75B141605DDA2D454905BA0196FE26B8C7E68F9F2469AF2AEB4DD92FFA4A65F4C026AEBEF
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15624
                                                                                                                                                                                                                                Entropy (8bit):6.833706261769825
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:eiBpXxu0xtWhPMpWfpWjA6Kr4PFHnhWgN7acWtNfKUSIX01k9z3AGxdUK9:eiLBPWhPMpWfYA6VFHRN7Gh2IR9zJn
                                                                                                                                                                                                                                MD5:9B22CFB5BED886C6969E9C2BCA6AC35C
                                                                                                                                                                                                                                SHA1:10136331C4C4C97581055C94AE57D96DAA050FC7
                                                                                                                                                                                                                                SHA-256:150CE7473F17D708E846CCAFD9BEEAB9C341C28A130F6E37630ACAA622754A8B
                                                                                                                                                                                                                                SHA-512:E0C31B87191F833492149D9E17FB0CEB6FE15E0E053FD5959223835719F727B9524D6FA4E33EA167FF26CD912096AA455F0E6EA16BD377722D7BF9F2400B760F
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):121128
                                                                                                                                                                                                                                Entropy (8bit):6.1482993626679106
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:hR1cNXwrxM7wECif70JSvEVcULVi+Ril1dPC:iNIcFC270JSvEVzvC1
                                                                                                                                                                                                                                MD5:C2DC11B82A094AFCE0E4810E4FA50723
                                                                                                                                                                                                                                SHA1:769A8C969BB7EC7CA893C1939D2500BB367CF565
                                                                                                                                                                                                                                SHA-256:19EAB1189558EFEFB90F34B012B8182DFD3C707463F5E0D4F5C0D810156A5ED8
                                                                                                                                                                                                                                SHA-512:0083FFF0E424FF80B3F8A632F139AD267A14D1419ABD1B68BAF1FC84BD2E5739E805ADF10EC79D7FA325BAC553CF7F0D84C846425638292C550CA3957AF46DAB
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):50248
                                                                                                                                                                                                                                Entropy (8bit):6.289462537946871
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:zSXwygO6T53MF09ipSJkKFZGf9PTIG57raN8q8j76P5:zS596T53MoipSlZsVTIMvaN8Hj76P5
                                                                                                                                                                                                                                MD5:EF50BD977976ED929FABEAF6C9241C45
                                                                                                                                                                                                                                SHA1:AD004278F0C66CF0086C1024CE46B04852DE6ECA
                                                                                                                                                                                                                                SHA-256:1D5BBFB227F20E866CF25F649A059B61C3F35336F69EBD19B8EDE7B6E14A7414
                                                                                                                                                                                                                                SHA-512:5ED13DEBF26F120C80C09DF572571B3BB05FCABEE7B1C7D945D2D767B13A2FE1C5861CAD4FA1FEA1658357FB025F9237F7AE2DE510DB120CFF6EF4041D5F6707
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):712464
                                                                                                                                                                                                                                Entropy (8bit):5.960816598800232
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:12288:mFIM0KteTMN4Or4D3OdmZg5WHEaEDIGBBjgrIQtD+tVqDMW:6zMTMNNd+g5Wk78GBBjgrIQtDF
                                                                                                                                                                                                                                MD5:ADF3E3EECDE20B7C9661E9C47106A14A
                                                                                                                                                                                                                                SHA1:F3130F7FD4B414B5AEC04EB87ED800EB84DD2154
                                                                                                                                                                                                                                SHA-256:22C649F75FCE5BE7C7CCDA8880473B634EF69ECF33F5D1AB8AD892CAF47D5A07
                                                                                                                                                                                                                                SHA-512:6A644BFD4544950ED2D39190393B716C8314F551488380EC8BD35B5062AA143342DFD145E92E3B6B81E80285CAC108D201B6BBD160CB768DC002C49F4C603C0B
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):2005688
                                                                                                                                                                                                                                Entropy (8bit):6.582595751983885
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:49152:tQ/IZ0sF2Ou+pqnX3lJ1nCHmWbk8d7hLJ:tQ/rHnkJ
                                                                                                                                                                                                                                MD5:4930777866B1FDAED2AB80B0FB8793B6
                                                                                                                                                                                                                                SHA1:E2686B9AC7C3867C644902805142F1F42BAE7645
                                                                                                                                                                                                                                SHA-256:1111916DC329A13BD627B2CD90C9B2263DE9923FD0BB6059C69C52332F360C37
                                                                                                                                                                                                                                SHA-512:D294E9D638FB6D579FDFD69A9F098B2D8087FC6C1C240496CC99804980284352299B52B9A2D6B1D1289FFDC5F5ECF364E67EB32E7B4A9A8DDF20C723F9FA28D5
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15664
                                                                                                                                                                                                                                Entropy (8bit):6.754633849646731
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:FYjgxACvaW+S7WFlWxNzx95jmHnhWgN7aIW+/yaYHnsTX01k9z3A1dcdL:Fk+NaW+S7WFGX6HRN7BnYMTR9zUdAL
                                                                                                                                                                                                                                MD5:CA56A8F20FBC0DC300136A7F52CE5448
                                                                                                                                                                                                                                SHA1:3BC48E9E7EBFFCBDE4A0018ABEE27077AA22C90B
                                                                                                                                                                                                                                SHA-256:1EE0C49348E8F269D65096B2A749E81E06ABED0796BE768D5383F174B3EBED61
                                                                                                                                                                                                                                SHA-512:2EC0A88FE112AC840DFBC7992028B85FF216AFF944483F1FC518A5E5E3822A6E7A2E7995E22464A07E3089680664D87124A1F1B1C3036C0F19B643FDF16F5D50
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15656
                                                                                                                                                                                                                                Entropy (8bit):6.745504174553825
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:/XlE3V0WYZ2Wh8pWjA6Kr4PFHnhWgN7aIWH9qLrRGhFKeX01k9z3AB+Bf5e:99WYZ2WCYA6VFHRN7Cu0R9zI+1
                                                                                                                                                                                                                                MD5:CAA67B5CB207447441AF97F77A8D28EE
                                                                                                                                                                                                                                SHA1:00321E60DB8F53DAAB0AF1D86F090B6B77CA2F0B
                                                                                                                                                                                                                                SHA-256:49BD03FF5EF094D48ACE745D8F5C81077D28551CCA08B16D4C4DFAFAA352E43A
                                                                                                                                                                                                                                SHA-512:4F886B2E093397A857F69B1635BF3B6ABDD181D17FF21F19AD99916894A684AA35D834FDD03EFEF846AEA6BC99E42D4FBAA7E50EF2400CB818A301A285841B8E
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):183576
                                                                                                                                                                                                                                Entropy (8bit):5.938875075706144
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:bMKminLBDcR+s0sK1eW0F5PIlwbrebRYSH+lTWh1vQ44:3LBk0s3hebCSKisF
                                                                                                                                                                                                                                MD5:3F5C6DDD8CC2B92E7BB742ADDB3EA650
                                                                                                                                                                                                                                SHA1:677800EB1BC1D5EFB1F77D4ACB4164A10A7DA0D9
                                                                                                                                                                                                                                SHA-256:8D9C04FED7926CD1332DCCCE32E65BC32D19A5DF7737EDE981BD136A0EA372B8
                                                                                                                                                                                                                                SHA-512:F58C9C034DBD33BA3196DAFF5D4B2F53A6CBBD8D2E350C4944A8B883D858B991614651444762B62D90BC10863A41EF73F3A9E4B689673D190BA15C033091A737
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):276744
                                                                                                                                                                                                                                Entropy (8bit):6.728786186995529
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:3PA2HHj4tByYOTblcFe4khyO2bIykwXLbn:3I2Hj4tBypHfhD2bIrEXn
                                                                                                                                                                                                                                MD5:B9B20837FC21F3B6C7DC96118F58A584
                                                                                                                                                                                                                                SHA1:A1E60495DA508FACB76031996ABCA51306078142
                                                                                                                                                                                                                                SHA-256:4CC75A63FED0A6388C95628EFBEA788408E4167595D8F3980BCD2BEB9B439541
                                                                                                                                                                                                                                SHA-512:720FC092603432E3640C9B4C71C969403D2BF400E1C2F7EF1F0C46D85E8A31147113C0A191A1A3180D9FE26337C3E1D0F6BA38505BC8146156A88841F8FFBECF
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):837928
                                                                                                                                                                                                                                Entropy (8bit):6.723068549493689
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:12288:arJR+uRoPwKMeN8/98vTU4dQEE3k0T9YLVgHr4iuGvNgllggskj:m+u68abw+CMiz2llas
                                                                                                                                                                                                                                MD5:B55D4397AF5909E22B8B50E6D6E35385
                                                                                                                                                                                                                                SHA1:0335B1040CC5339FFAA7833842FDCB1424A19B30
                                                                                                                                                                                                                                SHA-256:6446E921CF1D5E9B7E9CCE08E1061206129A1D29407B59FF48CBB44ADDBC082A
                                                                                                                                                                                                                                SHA-512:5A2B196A715BD4334F8A35A61E09C5EA620B710185B18A6DC93E7496367FCA292F3492663C0AC5739BDEB3090E472543F50729C3394FF7B133AB582FCB9E8270
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):104752
                                                                                                                                                                                                                                Entropy (8bit):5.951214543616432
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:XHs0tJVDX9LOIbwNC5IQ7XVrMZqz9AOWSUdbWKvzd8:XM0dzNOIc+IQLGZqzKOOZR8
                                                                                                                                                                                                                                MD5:D8E1F2706EDBBB0D5283E866FD6B5A68
                                                                                                                                                                                                                                SHA1:5893B4B685A2172D37DF5519AD00F02B5132DB50
                                                                                                                                                                                                                                SHA-256:891A7B6BAA99B3A98D33947E69CB35F415BF735D9515DA628D6624BD64595BBE
                                                                                                                                                                                                                                SHA-512:82F5FCA1138885BF890EA262B7B453E05C76095A7C80F66D2F90CAC91B374153A7E53B4F0C215B389BDAFF63F91DC52912382960E24C646429E12908AB2FECA5
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):104760
                                                                                                                                                                                                                                Entropy (8bit):6.023688556329198
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:/AKdRfAUP9WSJLeI620hCYCARk4YIAO8xocgO50/d0VIOXWShzpS:/AKfASpeJDPAOSocgOa/OBXhhE
                                                                                                                                                                                                                                MD5:408636AD69D82964450D11E2BC2B063E
                                                                                                                                                                                                                                SHA1:C6701A74D0993B7E8242DC45C73C47CF38A8CF1C
                                                                                                                                                                                                                                SHA-256:B2EABD2CC9923818F6D1BDFB3E9CFE02A54D6327DCC4AECCF61F895E0E02E67A
                                                                                                                                                                                                                                SHA-512:FC252CB0E6B778E410856C1D8B2E00A925C8C6A31E8622687D56D641DC54DAD004507AF4A23406448D1410CB618F7689704E0D504B55A68BA2BD6BD05E8254A5
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):260400
                                                                                                                                                                                                                                Entropy (8bit):6.618537900857936
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:unxoXLUDXDiKNYX8qTKfAyryS1rIgD3lgT:mxCUDXDiQ+jTURrhFLlY
                                                                                                                                                                                                                                MD5:F79C5255B5A8113246917AE7681E4A24
                                                                                                                                                                                                                                SHA1:CC1B9BED6269BB109657A3BBEC56F54C31444B0E
                                                                                                                                                                                                                                SHA-256:5B20181EE4E188AA6B328C107FEE9506E63EFE3A4F9D2C3517EF2972B6AA1211
                                                                                                                                                                                                                                SHA-512:731AB48B1913FC9BA4F8D25EB497EF860796FFCA7364AC91D18BE2DCB243CDA6BAE0BD141CD6B8CB77C940253FE642BD44D85999003DD5701BE9242A6BDAB5BB
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):203048
                                                                                                                                                                                                                                Entropy (8bit):6.207009954800782
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:Fyzc/yxHdJdq+4dCLLe6Yfn33wmMWQArD5/oE5bF6fLUV/Yqp:omyx9env3wzWQArcUV/Yy
                                                                                                                                                                                                                                MD5:60AC5526E44A9F031F87CD84CEC7140F
                                                                                                                                                                                                                                SHA1:4DFF306D8D13C393EB5924BACF4788397FE29B03
                                                                                                                                                                                                                                SHA-256:7ABBB89A3B170A9DB8894B7B6E24A6CE99340F6938E1B78A1DE0A941B8B5BB61
                                                                                                                                                                                                                                SHA-512:18F1B98E350D32DB9269CCB8B650D9E433BC18CE5CBC69B37082E182B3793900616D60814215FE6C5B39C2811A5A9153B6D0BCFD8BB00DA499AB8CA76410CB78
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):17176
Entropy (8bit):6.675054821557407
Encrypted:false
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):47368
Entropy (8bit):5.343354931264753
Encrypted:false
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):80136
Entropy (8bit):5.846320393478092
Encrypted:false
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):747824
Entropy (8bit):6.643641560609559
Encrypted:false
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):30984
Entropy (8bit):4.326509735182786
Encrypted:false
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):375912
Entropy (8bit):5.984458134179533
Encrypted:false
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):19760
Entropy (8bit):6.50388265626174
Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:TMXTSv/fUNRvGZYdf3zyP/weP+YHTWvANWxRX6HRN7h9bt5R9zExRK:qQPVKWjx9zsK
                                                                                                                                                                                                                                MD5:96C347B57AAA9AB1CFA8365585E9C9A1
                                                                                                                                                                                                                                SHA1:17B2B2F1019CC93ED1AEF0BE445CB1053C01341B
                                                                                                                                                                                                                                SHA-256:19C65DDFD1C484306C928BB8AE838215F7A689E757326791E50FD3C488CD1284
                                                                                                                                                                                                                                SHA-512:EC1DC25698B055F2C72A435F7C62B93635959A09C142D8908C2B03CEDF45B2E138A27DD227F4CAFA701897B8A305071346056DFE9017A1E0229C6A640B36660A
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):174376
                                                                                                                                                                                                                                Entropy (8bit):6.280397830530098
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:zqPlmXCzdfd6+Vfz5mDVV9evshARZvgL4OUgZjZXR1BB1GlKi7:uPoXifd6qwV9eEh2ZvgmQ9bB2KG
                                                                                                                                                                                                                                MD5:E58A5726978B1DFD94B6B4CB38102340
                                                                                                                                                                                                                                SHA1:D1A561662830FD01351341CA862BB93191095338
                                                                                                                                                                                                                                SHA-256:8469DEB8C7D532E8857F5C68DEB291035103DEE3698BF5005F4E08C5BD05775A
                                                                                                                                                                                                                                SHA-512:2D7B698720D7AB2E8535A68AFA3ABA41D39A888D05E59454CB7E35EE04E9E3CAEF52EA9BE46BCD8E28C7EF4E4098F168D7D0580347A9F980893198995301A388
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):23848
                                                                                                                                                                                                                                Entropy (8bit):6.307580885714362
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:/S9H4Ay0l9Jr3OzFPhoact/iKMePLexkrW1rU1ZXt5zElfWXJ2WoYA6VFHRN7kxJ:K9H4Ay0l9Jr34FPhoact/iKMePLAxivR
                                                                                                                                                                                                                                MD5:85A20E6FF4565669D120A52C00B12775
                                                                                                                                                                                                                                SHA1:4C648D4161C9FD6C7FAABCDE1ED7F45A68E98A50
                                                                                                                                                                                                                                SHA-256:CC23F980E20FCED097A234AEB379D9C9C1F5235B93126709199815E96D8F2217
                                                                                                                                                                                                                                SHA-512:96DCADABD7A73584BB58459404ECD011F088AFE6BF92E413BBE69F9EC329B651415405838100513358DBF09A3EDEC23792A6C54C9BDDFDBE74870BCF74421180
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):2861368
                                                                                                                                                                                                                                Entropy (8bit):6.795825527603884
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:49152:9flMLj5HODx+ncGZUG3k+mywJOHPxIyiNgnssolXWMW03Rz7F5hBh0TX1G:lOCOZIunssolXWMW03Rz7+Tw
                                                                                                                                                                                                                                MD5:38154C0B1654E7B38878A8D20A804979
                                                                                                                                                                                                                                SHA1:EAE6B02D412B61A64E9FE87B62B77B0A940CC899
                                                                                                                                                                                                                                SHA-256:85614A082FDB244379E34EDEA86AE8B7DAA71EFB61E52868675E5DA7685FB72F
                                                                                                                                                                                                                                SHA-512:1E487C6AF8DEF70C168B86843113BE3B0DF15CD978C68FBDC65A0F371276428731241EF315C192E85BE27234CFA6EB1072E48778C36B8845C8DA86E9614CAA73
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16184
                                                                                                                                                                                                                                Entropy (8bit):6.666464376103628
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:gmoHF/wAisWaS7W5hWxNzx95jmHnhWgN7a0WO8flXefqg7i1X01k9z3Axpzu8:HoVWaS7W5KX6HRN7QYR7i1R9zORu8
                                                                                                                                                                                                                                MD5:9783A0CCD5A64883445821E1F071076F
                                                                                                                                                                                                                                SHA1:C710BFBB818BF9F27F123F07E90DE7DC98C9F6D8
                                                                                                                                                                                                                                SHA-256:55E5BD120160DDD157A2F11C8D8F9AD99972BAF1FA78C37647B0A34F268AC0DC
                                                                                                                                                                                                                                SHA-512:23052276DD8F811D240A277FE3C7C77743FAEADC54548E4EE712D5AC4DB7921988406E66B9CEA24A0AF1D73A4D31AFA14E2ED81E87C1F874EFC36C7DF4FDE785
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):206520
                                                                                                                                                                                                                                Entropy (8bit):6.121139897829129
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:olRykDX+8KI7qTvPAIdF5/UO6KP8cyRL0LB:o/yf84DXn6KP8cz
                                                                                                                                                                                                                                MD5:0F3EE51C596E7557ED49BDDD1E57F7C9
                                                                                                                                                                                                                                SHA1:6B9E56A3F1A4847D1756F7F352EBD695D375BE27
                                                                                                                                                                                                                                SHA-256:4F7CB99BED4C0C2E0E221A9487C7697F8C882E7288FFB993908E592FFF5446D5
                                                                                                                                                                                                                                SHA-512:520BCCE956E752EEF6EF6FDEA1685D4F3A311BAB1BBE9B4DB20EE5F199EA76444D538C6588AE4250ADC2A9E14B1073699C4B41940E6554BE0BEFA04835CEC63C
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):446136
                                                                                                                                                                                                                                Entropy (8bit):6.166664458043378
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:12288:x87lv7mxYhdYzX8/4uqBIbQGEZnFNFfcaFeFOFwcGF6cmFWc0FWc8cIcKcUFJFpA:efhdYzX8/dbMXA
                                                                                                                                                                                                                                MD5:2CD89BD306B2E852F70CBF49C2DD1C92
                                                                                                                                                                                                                                SHA1:8D37E741238CF895E59DD73911F6D6883F9A469E
                                                                                                                                                                                                                                SHA-256:FA3D7678272B10DFA0BE3D959F0AEA38A58B75CAF1BBA06D6781218CED489620
                                                                                                                                                                                                                                SHA-512:CED25645B62D531E5E6CD629BE8DF0BD7859FF2FB52E80C67836A5C50DB011F4EEA017B34EB5005C64CB0E792ED11B716778D1C24D756508F555E42EB758C11F
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):1023360
                                                                                                                                                                                                                                Entropy (8bit):6.148689002721556
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:12288:9SqIAB+KyECe4rnKwJyjyIcAL07LgUulGC9337lTQaf60FhFoFmF8cjcsc4FEFbZ:9SqIAB+KyECe4bNyjyIcALCgUud7lT
                                                                                                                                                                                                                                MD5:0AEBC8E926BD1F1269E5A053B6B541DD
                                                                                                                                                                                                                                SHA1:B40671A4D2973A1E4D71DC674308B8883EBE58F9
                                                                                                                                                                                                                                SHA-256:5F79C075D83904AC64510C3DC77E45980EA38B82204E39C3913531BFFF78585B
                                                                                                                                                                                                                                SHA-512:AB5D8F401F86C911DE64D8083E507C63012D9CED7AF32FD28414104E4C2E89305FBE09C49EBE9F1B2AE45FE1F45C9179BCFA4A2324D8DA1201769FAEB11F1A45
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):25384
                                                                                                                                                                                                                                Entropy (8bit):6.290197216885165
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:DWAAaFiTCmM82SuxDJQqMWioFWNwYA6VFHRN7IYMTR9zUQ5:CpaFiTCm0DJQsywFClVg9zR5
                                                                                                                                                                                                                                MD5:7AA4CC0823A68484980CCB05380826C4
                                                                                                                                                                                                                                SHA1:7A74462318DDB1B472CA7DD9BB30B05AF2C38CB4
                                                                                                                                                                                                                                SHA-256:04C204B1FC3B287A1C236AE14A6B397FB32BAB493FCEA64EBA78C8BB234FA37B
                                                                                                                                                                                                                                SHA-512:D7A58F21889D0CBE1AF6BDF1F009D00EA66B79512F05613EE429964CE6C789FACA1B5CEF6DDFB463D607C498A7BE671601DDC18474124E2A184049222F543C9A
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16664
                                                                                                                                                                                                                                Entropy (8bit):6.674104191430389
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:meVamI4NZKxZ88W6Z2WIW1AWxNzx95jmHnhWgN7acWnFx6RMySX01k9z3AcyFaZr:DVae+y8W6Z2WVRX6HRN7SuMR9zPyoa0
                                                                                                                                                                                                                                MD5:53A5965A6A8EA3D8EC5FA56EB53A88A4
                                                                                                                                                                                                                                SHA1:669AF6E47FFE94CC600E21A4EB052C05F65BFF01
                                                                                                                                                                                                                                SHA-256:F8179EF7837F7BF555720B9FA8C49243365794C28D2F7381E612BFC548681DF7
                                                                                                                                                                                                                                SHA-512:BBA0CE25676F1B97E4442EEF0FF0410E67DAA780AD18FFBEB61462ECB6846AA82C3AD5806656A4048111807096BF359951E2D628EF77D5923ABCEE57FC855156
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16176
                                                                                                                                                                                                                                Entropy (8bit):6.74420130921519
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:jXfMxA3wKbW25mWHWWxNzx95jmHnhWgN7aIWN4uvpGX01k9z3Af/8ROnkxh:jCIW25mWHdX6HRN7yxpGR9zqCOSh
                                                                                                                                                                                                                                MD5:200A2EF8039A866C29F6646C08C916A0
                                                                                                                                                                                                                                SHA1:D9AFB3DCF376FDF153D5B0F1AE6167660DFB1FEB
                                                                                                                                                                                                                                SHA-256:F587E4D5F4347D8851FE63FD165FF3AF6F0A0D7EDB22DC9EC13878CC5342AB2B
                                                                                                                                                                                                                                SHA-512:51BEB0733A184397ED605D483D0EF47F7A6B6DA05666DB5175CBDB8CDEFB90E4D6BFDB0C59E118796E9851108D590F2EADF3CF07944424C05276BD9F8A64E25C
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):416056
                                                                                                                                                                                                                                Entropy (8bit):6.650016678777876
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:bsuTEcoc/FGNasNt2l4ru2jKw6xtQ7/tvjETqCZ03EdZbj4MKpW:QuTf/FGcsNtM4q2jStgjTy4MD
                                                                                                                                                                                                                                MD5:ADD4BC84418AEC1011BB4AD7EDF12B00
                                                                                                                                                                                                                                SHA1:A1D54AA744C20733AAAD9CA4F219B05FA8245981
                                                                                                                                                                                                                                SHA-256:9444173233A16F1C5508DDBCA2DC674DCFCFF91DAE321CBC8AC3A01527A6688B
                                                                                                                                                                                                                                SHA-512:5A0FC3CF99BE67F49870DA7E487BA880F3624A441548EE76557C355FAC369831DFAB833C8718C986F89B4A77AA7065C9CEEFC95A40794AE1818FBFBC967FA807
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):801064
                                                                                                                                                                                                                                Entropy (8bit):1.7803430746056426
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:56irCgZC4pWjA6Kr4PFHnhWgN7aIWn1odzxOhJNlOCgX01k9z3AEu3e:5xrXNYA6VFHRN7AodzxIPaR9zlu3e
                                                                                                                                                                                                                                MD5:CE7A27E8775F2BF4491F6B6668ED375C
                                                                                                                                                                                                                                SHA1:6F1F27913AC6E8C83E82E693B3CD16D2B07174E9
                                                                                                                                                                                                                                SHA-256:AA8CB35D10093FE4BDA643ACD30EFB70AB539B7D079249414340F03AA8D641E3
                                                                                                                                                                                                                                SHA-512:0B0F582F7B614C8DE77D4628EAB775D01761972AB35397BB6A67409144D85EFCD68F06D70BD8E0B663F18285E9C36880A2365671AEF1323A16051A166BD560B7
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):173856
                                                                                                                                                                                                                                Entropy (8bit):6.126378443583661
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:BfKizhWKG5GTrXhcJPJ7K3SU1884kr+EIuVLgQAW+o8URJ:5bzvG5GqU1x4kr14nXu
                                                                                                                                                                                                                                MD5:FBD961CBBF04C45472C7194E2A317B9B
                                                                                                                                                                                                                                SHA1:EC111E72AEB04ED6751BEF1A83559CB54700353B
                                                                                                                                                                                                                                SHA-256:1501AD59E05DB6CD73D82426C73D14D6DDC72403713DBE4099CD6C1A650A8A46
                                                                                                                                                                                                                                SHA-512:365C7FA8C2317AAC6FFF937D7D353C3EC6BFA56A6D3172187608AED26023E2F90DD293E770EEEB56BA766E5DFB15C20D4929089CD7A050F95E8C45128D5CF33E
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):47384
                                                                                                                                                                                                                                Entropy (8bit):5.386361519950313
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:7ky9wsP/QEBuk3bqUghj9zk6KPivxbzY17tFAX+0foWIl9zApn:7ky9wsP/QEBuk3bqUghjVXKPipb017tc
                                                                                                                                                                                                                                MD5:CC68F9E56A287662C705302068EF4994
                                                                                                                                                                                                                                SHA1:DB038C3BC9434359367D4AA7801C605D2D61CFCF
                                                                                                                                                                                                                                SHA-256:AB5638A08516771F08F7CCA49D9C43FB90E5937CB1D6F03C307A5EBFAAAB5BD4
                                                                                                                                                                                                                                SHA-512:1609A29259407CD37627B9786897206FCC229DF4955317CD60AC71A9AF175BE866AF456B08C76401CE2083D67E837E37D5AF7B24F61ABB392D2DE44CB71CED23
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):338216
                                                                                                                                                                                                                                Entropy (8bit):6.547091859291254
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:PZkDfqaP75HL9eEIdanhOe9jb3b41PlmFFVZTdiX2JD:P2DfqweDdSo8D
                                                                                                                                                                                                                                MD5:634FEF75870C6C036FB4132A4E4D5B63
                                                                                                                                                                                                                                SHA1:9020E99507A27D3009B5914F0E73C91F39C1AA1E
                                                                                                                                                                                                                                SHA-256:7BBCA593ED7F5B8F8650ECD5E597190D7D55BC4B1B9D8A992C7A1F887E65DCC2
                                                                                                                                                                                                                                SHA-512:03B92B87E25344F425AB05475845B14BD8B320E8C09E5B55D94F8FD284097F5226A99720988DDCAE025B92C60847F04AD60D74C0E4E90BAD380EB0A5390251DC
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):47416
                                                                                                                                                                                                                                Entropy (8bit):5.395594314778358
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:dc6qXYiTR+DUnWzE8vk6Y4mPFWg0WhQ9zK6:d0XYiTYDUnW/c/4mAg0WmzK6
                                                                                                                                                                                                                                MD5:48E2A256B5D7FC2BB74B5046AF715072
                                                                                                                                                                                                                                SHA1:EC1854323EDB9C462A2A967C1C06759C3261CCFD
                                                                                                                                                                                                                                SHA-256:2911FCAD2139490432F3FA96FFB3A50A90E06F84C60E45DF60E6DEB4126B16B9
                                                                                                                                                                                                                                SHA-512:2D0196C98EAA40759ACCD38C5410F482CFBFC83B79CDC629E0297A3B590B1FDD3FB77299F38A1F1414DBBB71475C6CEF744BB2FD7D695E9D3177BF7817F80C68
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):67896
                                                                                                                                                                                                                                Entropy (8bit):6.071077935827304
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:CFtHMfPA85VU9QbAoqxfxGSC0e+LRnugRxFjyGw3/slSdoF31s7YiNL2OSkkkUPM:2GQ4EoLmpzFYU4WCzj9
                                                                                                                                                                                                                                MD5:7AEC30A9E458C5C0025FBFA3A940B791
                                                                                                                                                                                                                                SHA1:E7AED5DDD43AC6D7EF1D474229EDC9FEDFBF1DF6
                                                                                                                                                                                                                                SHA-256:1A1CB8D5807BF6EF60EE749AF2A7D485A581FC7C03CED44E947E08699566B2AD
                                                                                                                                                                                                                                SHA-512:0D18CA8444DF6C74CCFD74344B59F6B965783592AA4E674478ADDD5ABACF0518C4C0060BB07E7471BF550A909F50E8DC6B6C779922E58EB870FBCF2E0F298757
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15664
                                                                                                                                                                                                                                Entropy (8bit):6.8080160066573665
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:PAmShxA/HmWQzUWUdWxNzx95jmHnhWgN7aIW5Y3YHnsTX01k9z3A1GUST:PlexWQzUWUeX6HRN7GgYMTR9zUDST
                                                                                                                                                                                                                                MD5:6D8E075425E16A234FC8F5463C11BEB0
                                                                                                                                                                                                                                SHA1:97D419FD390DFBF214FB7CFCA029A3458554F55E
                                                                                                                                                                                                                                SHA-256:383907734CD3DD76969A359423AEF226CA131AD085FEFDE4943F9B6BB9B28102
                                                                                                                                                                                                                                SHA-512:45B57EC21B8E618E83E0B0B790A6C5964054D50C3DB8D88A7B564201BD693746C555A0203C50F7DEBB6888222A0BE8307598C6451AA1FDF254E48D1CF5A1A795
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):145712
                                                                                                                                                                                                                                Entropy (8bit):6.215648320789539
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:gHiUYBgRTeY0dpwQn60x7cftbgZ7eInKT5DFN3+M9:tBgcY6aQn60x7cftbgUHl7z9
                                                                                                                                                                                                                                MD5:E65ABBCA33F2ACA899D9F5106D6C4CE6
                                                                                                                                                                                                                                SHA1:27E9980354458C7EE097F752874C1F6D95EA66A9
                                                                                                                                                                                                                                SHA-256:CC685536EB2061DD6CAF225E353334AA9179AFAEEC105836CBE3B84B88E3BF1A
                                                                                                                                                                                                                                SHA-512:C7614E260036828F863764FE41920DCB46055928DD5274628C317C3997C95161D131A02358ADC1B7E3E25928AC24434FCFCF49DE5A6DDE5C5A3FB2B947265F95
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16680
                                                                                                                                                                                                                                Entropy (8bit):6.732264017448511
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:QJ+yQNWbKDWdQYA6VFHRN7XblAcGkELRPR9zjOZP:7DVFClruyQ9zKl
                                                                                                                                                                                                                                MD5:3DE56E93F4E1D8D189EEB58D935D39B6
                                                                                                                                                                                                                                SHA1:1534FDD929DF529AB29EA4DBD1E9E9D3EC51C949
                                                                                                                                                                                                                                SHA-256:07990D092B8200A012C83B871324F18AC8C42D335EDFD570A1D6A695D55E43E7
                                                                                                                                                                                                                                SHA-512:893F5F8D72AB2F0C48E33C7A38864380571D57E162A371B2B4E4ED879CFC37F220117860C7DA324EC5BF57F683B70A78D3BCDE010ED67A7AAAB553D5C9AC4C6A
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):414280
                                                                                                                                                                                                                                Entropy (8bit):5.92089676794765
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:xCBivlueKi3O567Rf25THDAbPvFsPdBXP2hpqW0/nx0q:xCaKi1HF4BfNx
                                                                                                                                                                                                                                MD5:DDD24ED9FE3B256AB955554893D832C6
                                                                                                                                                                                                                                SHA1:DDF4603FC7AB70F5E49C3CC7F7C691977EF82DD0
                                                                                                                                                                                                                                SHA-256:DF409DE7822EBE4871AADEF1F8E4A553406395C8D692704037781777BA650300
                                                                                                                                                                                                                                SHA-512:F1497BB0CB39A325923BD13314A8C8125B06978BD2D6BDB7387F4E838D27AD0E735461C8BC2584E421E9C9E8DA2AAEDC6757CAD6F6678EC5BCED41A81E8D0E34
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):133424
                                                                                                                                                                                                                                Entropy (8bit):6.077871799095023
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:DN8FFc4yeP4SyuvmH00N6no5WvCIp4oRcreUiY:eFFEimpjHo4eA
                                                                                                                                                                                                                                MD5:9436B672EF85B0060E417B93E6F4CD05
                                                                                                                                                                                                                                SHA1:589C7567B4B9FBCFC69048DF509A8F401F31B49E
                                                                                                                                                                                                                                SHA-256:FA7D94825EC7ADEF2171952CE5A176B74CF97CB3C7A792A83A0CC03EB4A3B071
                                                                                                                                                                                                                                SHA-512:A322D1D8D45CF3E5DEA7288BA1C192D5792D0C409A6F0140846A302AF5C33BC4AFC0D11DEC81384B7CCFF8F9B66BFF1F1C20B6A357B3D6AA95A91B1A06BD3E50
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):20776
                                                                                                                                                                                                                                Entropy (8bit):6.428726027972037
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:v8iP7uC8MYITetNPBw7vaWxAtWdYA6VFHRN7DkELRPR9zjOmxk:vRMPD8FClQQ9zKl
                                                                                                                                                                                                                                MD5:72E86E777EB37C25309D9CA02FB173D2
                                                                                                                                                                                                                                SHA1:958DBEA0B0EC16624B24F05A13633642D929A3C0
                                                                                                                                                                                                                                SHA-256:4EF5CE2DAFC66D495B9D075EB30AA5DC5C32A84FBFB2903E57E514A7BB4ACC96
                                                                                                                                                                                                                                SHA-512:E15CA60C6D30BF4A661B51D7034E055224A89B108CEBA7FEF13C9246391E46DC05D35E6F46AD6FB0D115CAE7DE6371F6CCAA71695D56A84C9FB9DEFEFC8FAA36
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16680
                                                                                                                                                                                                                                Entropy (8bit):6.6920378205912305
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:8YwoCMWs1CWSYA6VFHRN7xo0yzxIPaR9zEs4M:8ToF+FCl+0yzxOW9zFh
                                                                                                                                                                                                                                MD5:61F1E563B3D2F94B3392CD568254FCE8
                                                                                                                                                                                                                                SHA1:E5F006FBC73D470081D92C2DFD47C13382D78438
                                                                                                                                                                                                                                SHA-256:9E24A4F9235027AB72D2480FA54EB291AC46E86354F240426CD8FA0FDB2BF197
                                                                                                                                                                                                                                SHA-512:4CFA20B326B7729D1483CB1AEBBD261A4B6FCC46948C91C4EC844D34038ECBF94C84AD6959AE499AD8C7F05D72C2CF1A19A1C09BC5D25B1B98A81A51B8712357
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):244000
                                                                                                                                                                                                                                Entropy (8bit):6.507233565279823
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:IgsUsdJHsqVpPq+Pu1Nr7tXAjsEpN0Qif+H7zgiuG4krZAuZAt0/+9MyQ4UjIPKx:zTs/Hsq7Pq+67qjhp+QifaCtz9VTKp
                                                                                                                                                                                                                                MD5:CDF076CA69511E705F6F5B753098F9AF
                                                                                                                                                                                                                                SHA1:90D319A2C2206528DDC216C4B7A55F3011EBBAF8
                                                                                                                                                                                                                                SHA-256:689C8742BA53CD02774B1E7A94C9C9F15767C4BF4FCBCE2B801B916329BAB51A
                                                                                                                                                                                                                                SHA-512:1ADABCFBB98CAE2AEF81ECC4C7E3E423E02955691FF0B6FA0733EC764CD94DEA6CA9A3F2797D60760E28FE053F7797F77F3DC8B854A627836C020B569B05E13D
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):272664
                                                                                                                                                                                                                                Entropy (8bit):6.5102889309866585
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16168
                                                                                                                                                                                                                                Entropy (8bit):6.766379214654712
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15656
                                                                                                                                                                                                                                Entropy (8bit):6.821063767728242
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16160
                                                                                                                                                                                                                                Entropy (8bit):6.706885767315989
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):84280
                                                                                                                                                                                                                                Entropy (8bit):5.88073044398993
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15672
                                                                                                                                                                                                                                Entropy (8bit):6.764939082374204
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):55592
                                                                                                                                                                                                                                Entropy (8bit):5.794508588818863
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:WrHCYlbejwSCGs6ZQyvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvB:WrH70jSVyvvvvvvvvvvvvvvvvvvvvvvZ
                                                                                                                                                                                                                                MD5:78C22A26EF9F5B8411C0E3CF5AD7441D
                                                                                                                                                                                                                                SHA1:0B6893BF383C5EE0A72FF0037D8D6A49D986718E
                                                                                                                                                                                                                                SHA-256:7AB974DC21BA2583908C76AB1D341668B737C31D77A450C964D54579CC23DA5F
                                                                                                                                                                                                                                SHA-512:C0B6A08BF8A91A27CC9D6C2B3AA6555DAF6F5F5F959A8D188B0054AD25CFA1C171954C45FA68CB09579B3306D4AAC6D3254FA477DCF036609AAEF2DE1CDB2839
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):264472
                                                                                                                                                                                                                                Entropy (8bit):6.548591134679868
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:pAindQCtmkal13Vn7vUoD2+bkf/B3q1GqqcJIbaIksoRirnnMpDTp/RbC++xMQPp:eidUT3tn3bwNKvco4roTpcaQPEamBHY3
                                                                                                                                                                                                                                MD5:D9F34984A15B7E1651950F7FC4212AD1
                                                                                                                                                                                                                                SHA1:E31F71380FCC9BA64847F0B60D8DB85671F83F85
                                                                                                                                                                                                                                SHA-256:E595732C065539AB183FBD27CF5E42C63D11079F7ACBEAE455421B5E2E73B669
                                                                                                                                                                                                                                SHA-512:FCB010FBCEAE2197AD927265DD5FA5A8CDE9E0859C127144A0DEC5E33592CCAE6CDD840F1CE15BE216EBDB6755374AD8D14162303219A4C2D5795AC8F267DC65
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):104728
                                                                                                                                                                                                                                Entropy (8bit):6.04299609988956
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:xxkAAMNiDSjaabcPihEzfQHlDE7H+CAvpYx/K8yf9DSWXpzF:xxL3YuiA2dbi/f9DSypx
                                                                                                                                                                                                                                MD5:7B8853FA50238165F45E3C6B33D6351C
                                                                                                                                                                                                                                SHA1:5168A2CB788E45828329959A8BEB2ECBFB49112F
                                                                                                                                                                                                                                SHA-256:3053AB194B17A8175155651B35D0FCB62F3D8F0C3078CBDC2627C4C7669042F3
                                                                                                                                                                                                                                SHA-512:5A980D92DC624D433AA929B6643D05710058B71CE0FC85814C80421578E6BDF94A0900221B59DC8458DED615A655C809A5907D3960F0BA98AC2392A3B424B23B
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):55608
                                                                                                                                                                                                                                Entropy (8bit):5.425657754099587
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:FhuF4f/D8T5a9OkVAJM1/1PC0lr1sklWIk8R9zo:FhuKD8NawkV51/1a0J1sklW8zo
                                                                                                                                                                                                                                MD5:D65CCF17AE03862430A708738F23980E
                                                                                                                                                                                                                                SHA1:2946EC1A63DDE5130CA32274D34C02A70E0F3CA4
                                                                                                                                                                                                                                SHA-256:D7BF8354D118851E2CF0934CE8AFF5DE79C12362FAB51107E8C42BDC20C2B39C
                                                                                                                                                                                                                                SHA-512:DAD79CB469E724DAEB51B72611BEFEA74FE24029A5135C729B87DF2C81781DEB2ACAD08EDB0FA295ABA50C8C5A1AC41802528C5ADE8F3629538FE35B2A9347FA
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15624
                                                                                                                                                                                                                                Entropy (8bit):6.821694638098971
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:z1qGW/dqWMYA6VFHRN7eVXC4deR9zVj7qgTyS:z1qtgFCleVXC4dC9zVjBTN
                                                                                                                                                                                                                                MD5:67EBDED0179552C303E213781BA5DB4E
                                                                                                                                                                                                                                SHA1:BAC421FF4E7F2CE0CA3073294E19B6C19B587F74
                                                                                                                                                                                                                                SHA-256:7C2AEF2BD75EB88874D980358D91C66DE8919DC887FA94CF1EDD770C3A8E5F74
                                                                                                                                                                                                                                SHA-512:5A8EA7ABA4E118036898625CA47D6842EF0E5FB19DF1B847BDB5DFF73ED52ADBEC7CABB26D54CD8D44605178E355143814FAE6697ACA27FC292866A6302BBE8E
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):88368
                                                                                                                                                                                                                                Entropy (8bit):5.877540050029605
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:BRo/2qh+M5COJu0ZOqpE5fer4GRv33333333333333333333333333333333333W:BOOGVVu0Z5pw2r4G933333333333333m
                                                                                                                                                                                                                                MD5:0713043930CD3C83563EC283D10742DC
                                                                                                                                                                                                                                SHA1:88CCAFEB1BE351C16A3BBFDBC6E160031E3A9B77
                                                                                                                                                                                                                                SHA-256:3B6BDFB5BAD16C2D2126EABB74A9859CA414FC75E6EB520E93D3A43ADBED7640
                                                                                                                                                                                                                                SHA-512:BBAAB646F9BE8AE26E0AD00DFDCEC00F8F00968A594BF4C030D0272D2E8F6147413CB939FE4C1563A39AE2566532E429ED0D1362189EBF9205ADC12AADF26A32
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16160
                                                                                                                                                                                                                                Entropy (8bit):6.72885945570015
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:iW4RH8FxAvoeTbWyp2WUoWxNzx95jmHnhWgN7agWnY00pyEuX01k9z3Aly+KIQx8:34RH6FyWyp2WUHX6HRN7CEpcR9z0BSte
                                                                                                                                                                                                                                MD5:5591B6C98BCFC539D04FB4116CD1D18B
                                                                                                                                                                                                                                SHA1:330F3ED4D9B6546364FD04E78DB1EAC9CDAE050D
                                                                                                                                                                                                                                SHA-256:4A61B376B6E77FC3FB20ED4ACDA6DBDCBE22D9BC30BF4E06925C003ECA391269
                                                                                                                                                                                                                                SHA-512:F47FD870FA993ABFFB90C575AD94EFE1FA347944C0435102065146477B2BF1E60EF9493647538949EB19173F4864188F4D407D4B997A5FCB33E653C5A184E410
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):92448
                                                                                                                                                                                                                                Entropy (8bit):5.820503518807393
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:JA3qoT3QvNN08kx2/YE3SjZwKPU7+GGlux8a5htWgEp4z+:JYq23QvNN08kxM3SjZwKPs+GGluxptXy
                                                                                                                                                                                                                                MD5:7314D93D8AEA712CC1A2D9B72FBFEB2E
                                                                                                                                                                                                                                SHA1:F9F213CFF762F5006742DF60872EA9B9172E7322
                                                                                                                                                                                                                                SHA-256:BC9EFF07BA9B2C4F4DD82CACE1409A594CAAA263EA481FF7D095EE32170331D3
                                                                                                                                                                                                                                SHA-512:5919A654FDFF9452CE14B0D9951C8B33DA0BE8693288AD6364CA4EC1D116B92884DEF110A5B807F02CBE1CFF6F00091107C8C17AA385F1B4BA582344D04C440B
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):84264
                                                                                                                                                                                                                                Entropy (8bit):5.806191116216466
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:ROxV+zNttvCu2mNikiq7Zb8G/ve/caa9WkA6/iLzUiz:ROx0Ntt3Pisb8Ge/ltkAyQUi
                                                                                                                                                                                                                                MD5:F77A293786087936DB47A5F85D028681
                                                                                                                                                                                                                                SHA1:1F484F14468C4E28C61E04D20CFB77949F7F1E3D
                                                                                                                                                                                                                                SHA-256:C4CE83776FAF64605E92041546DD886D7718AABDB79585F372822F4943F10CF3
                                                                                                                                                                                                                                SHA-512:6E937A2C3A80E8B9058DB6C2389085765FD7A449753E4B3ED3DD9F2EA4ABF44DE45BD54E1F9F06AF2A1A8B3C876730898756D621A9DCA310C6430D47171B8557
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16656
                                                                                                                                                                                                                                Entropy (8bit):6.745569370541998
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:2OeIbSlW+WPWuYA6VFHRN7DEpcR9z0B7QWd:2OIyVFClDEpw9zaEWd
                                                                                                                                                                                                                                MD5:C9E5B4FB06655ACDF85805F9BFAABAA8
                                                                                                                                                                                                                                SHA1:0434768A5419391C748787E55E7E43CCA69DECBE
                                                                                                                                                                                                                                SHA-256:357478614E285906C5478249E1FFBEBF08D5B8FD508FEA854DB6632540FC2E47
                                                                                                                                                                                                                                SHA-512:3DC99ECA3BD14B422C633FA12E081044BAA1756DEAD3D633BA338E7435B5630303ED53D39A681A018047EC4CDB97C8F028EFB91EC16E37F17F28F228F2E68A28
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....3............"!..0..............,... ........@.. ..............................b.....`.................................g,..T....@...................)...`......`+..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................,......H........"..x...........P ......h"...........................................<linker>.. <assembly fullname="System.IO.Pipes.AccessControl" feature="System.Resources.UseSystemResourceKeys" featurevalue="true">.. System.Resources.UseSystemResourceKeys removes resource strings and instead uses the resource key as the exception message -->.. <resource name="FxResources.System.IO.Pipes.AccessControl.SR.resources" action="remove" />.. <type fullname="System.SR">..
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):166176
                                                                                                                                                                                                                                Entropy (8bit):6.346058751718644
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:VN2U8z8G2Xr0DUXHw8pLZx1w82V+qyp8E9o8vFM:TJ8z+4D98pLiE9o8vi
                                                                                                                                                                                                                                MD5:E2998F0D8693BB46B40A210FA04F9BEE
                                                                                                                                                                                                                                SHA1:645C748C1F9D738598BD8C272FE799A02B0D3D60
                                                                                                                                                                                                                                SHA-256:1972A42C7B9045D102AD48081CD93DC4D96DAE9FF016F75687D4887D03D2920E
                                                                                                                                                                                                                                SHA-512:B1B3F451E91DB813ED013FA4547E83F905A35D2A9E2EF557262EA234E1D9F0F2C4E5761F1E3C78A558C8DFB970D9FE47D987179927331915A8BC680B15E8D1C6
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15632
                                                                                                                                                                                                                                Entropy (8bit):6.829247129940496
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:PWvewMxAqj5WjB+WvpWjA6Kr4PFHnhWgN7agWzFY00pyEuX01k9z3Aly+aI4O:umwaJWjB+WvYA6VFHRN7wEpcR9z0BSO
                                                                                                                                                                                                                                MD5:971EE5253BB544A7B2B3A1077C2C6008
                                                                                                                                                                                                                                SHA1:FCE7DB0F757434DF870CC2113DDD67B893C56CE7
                                                                                                                                                                                                                                SHA-256:5B614D49BBA36FF77CAA7A760A1E2C1642435A1FA949BF3BD25015BFFF91473C
                                                                                                                                                                                                                                SHA-512:EBB00CFB6916B79A49FD1B6E0F9C7D77373B747D452466D09CD6689297287C8FE7AFE45E5C341B46998AE7D716D62EA88CE3B0EE26D87263C83DA4735FBE344F
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16144
                                                                                                                                                                                                                                Entropy (8bit):6.68496802568185
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:7283vFlW2ybWaYA6VFHRN7Uxl/7R9zj2IU9S3N:K6F+pFClelF9z6R9C
                                                                                                                                                                                                                                MD5:A341F35D1B875B0C07079117BA94DD5B
                                                                                                                                                                                                                                SHA1:1302496E225CC36B8DDFC838CA39061936EFCE0F
                                                                                                                                                                                                                                SHA-256:FFC7D4206C7B0C9E92C69A00120CE0859440709E8E5E5EB476572985EA040023
                                                                                                                                                                                                                                SHA-512:89A55CCFC5E4ED80B44E92941CBAD65BDD90E48FC0874DC712F1549BAF557EC85A7BC960B18D304DB311D996918653A771A78808B5D5AB150B4B2DFD33A4A757
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):3676456
                                                                                                                                                                                                                                Entropy (8bit):6.685377818335155
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:49152:oQngtOBPgD5EUsp4Zq2daW7L2+K06Fs4sZ39SuDsFIW/pj:3GOB4Ombp8uDsFIW/pj
                                                                                                                                                                                                                                MD5:B6A58A0AC1AF936FC5F14F8F2D44D1E0
                                                                                                                                                                                                                                SHA1:0738563464D22751D4ADDFD268A57181CFBE562D
                                                                                                                                                                                                                                SHA-256:F961C3396AADC6AD4475F12EBEA85743D01B015423FB216DAF3DA7A9B7F3ACBB
                                                                                                                                                                                                                                SHA-512:41E3E393866711A811AD1E8F0E184905D4F790BCAC061F41BC42679ADE647A77B2861323FB2A3D7C78660C24EB45680FC72AB3953783C1137D428B8600F80FAA
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):805128
                                                                                                                                                                                                                                Entropy (8bit):6.742092274429004
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:12288:Hb8dNdBKT9DzuU4/sKE5QmSfc+1yQgdYWrwG00eK0CszcyYoq:Hb8jKT9PuO5QmaryQgdYef0ZK03Hq
                                                                                                                                                                                                                                MD5:1E9DB6EC85E31D87782D10CB2A5A6132
                                                                                                                                                                                                                                SHA1:FF0B9CA05BAAA3028874E6CEC5FAF4188F7B28BE
                                                                                                                                                                                                                                SHA-256:7004CF19931E4688247A28AAFCD46992E1184C782EA9F6BE3C4491D327355C31
                                                                                                                                                                                                                                SHA-512:9AD6BE73F1C89A4901AF2011B051D8874903466733196C211AC114361090605BB647034CBB70CA828C5F2637F19E2656A1771516F2564B111B8F4E46DD273058
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):174376
                                                                                                                                                                                                                                Entropy (8bit):6.299213446161007
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:KuskFLsWejwPAJ+DF8mPOfww59JK6tLUaS0rm:FswxQKAkOmPOfww59bUa5r
                                                                                                                                                                                                                                MD5:04C98DD367C3C081624578459663FE4D
                                                                                                                                                                                                                                SHA1:56976D550298BE9F9DE1BCB30D73D588426941F8
                                                                                                                                                                                                                                SHA-256:7EFDA8EA3ADC84870CA399F1973C1B48963E034158E5C8D184D97E86C8733BC3
                                                                                                                                                                                                                                SHA-512:B40AA4DD1F6D4A5723C79C3AD1C206C00671B1E9A243BA911BDCDCBDB7573C28D702BCC06E80A6882BBCBBD19A0BAF6B89047067EC11E1A4DEFD9B8B289F2E4B
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):543016
                                                                                                                                                                                                                                Entropy (8bit):6.741951464470459
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:cNYb37ypY1hh8r4bdhR+JU1/0kxryufbFHJMyS5IH/YzIhMxjCkoTcH3:MYb3GS1hh8rwdh8UxeEvAE+mI3
                                                                                                                                                                                                                                MD5:6ED1EA9A8EA41D939DA714D97F063993
                                                                                                                                                                                                                                SHA1:833F7561D58C8336E4E937DE1A2320DB45BE1432
                                                                                                                                                                                                                                SHA-256:A2FB9DD804188E44948A53C4165815F5CCCDE4CF5FED19988377AF84E86EFCC8
                                                                                                                                                                                                                                SHA-512:0A0A197AFD26FC51BB32C6A1799D31FFD1F29E9A580C67AA43141F1E7252065791C9728A0595D0B330EF232D34E082DFB544E08CA72210CB8A290FFE4340E8D1
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):312600
                                                                                                                                                                                                                                Entropy (8bit):5.971150967147675
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:lyj+butGieusJEYE1SF7c39iwjwmppwbHV/ZqPJkoj80uSxptTy+D:l4+butGieusJE31Shd/kIaxpXD
                                                                                                                                                                                                                                MD5:72C62B8FED1879C314BA757CB289483D
                                                                                                                                                                                                                                SHA1:B18D623D1745B6F09CE0DC85F3ACF1FF69F61CE9
                                                                                                                                                                                                                                SHA-256:DCA8B03636D4EF26A1727AF2B8063998491B72D1DCA547BEDAC3D65EF115D677
                                                                                                                                                                                                                                SHA-512:F5B43271C08E4696C90FE507FA0931638A081AB1C7CE1E660036D15C1B406FC7CAE265B0A05C47D29DFA25B7F1DA809F2E42AD8A8BBAD160A1F97EED176D3454
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):157992
                                                                                                                                                                                                                                Entropy (8bit):6.472585497766165
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:xGyySN/j+0sbFbqX63vwZuIBo7M5F8966oYddCBuqmwehtTihdMU:eSCb6oIBo7qDGdCBuFhX
                                                                                                                                                                                                                                MD5:1E158B6E320633CA794113EEF60BD35B
                                                                                                                                                                                                                                SHA1:BD6BC89189E4546ABD4B24C3196C60CE2C2A473E
                                                                                                                                                                                                                                SHA-256:536310FAD46E9710E2378E6AB65715489C267B13A08AD96139978D97974BD282
                                                                                                                                                                                                                                SHA-512:B3C89D7F57F69D3E7B0EEFEC4E4F5E6FC56D3023032F8631E126A48B8068A30B2394FF74E9AD5FAB4D8719E42A22D8003B27B60F1A5E009986216AC4D9961356
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):129328
                                                                                                                                                                                                                                Entropy (8bit):6.199319743810756
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:AeiSzjfIwHAOaaRHg/OnTRRY4beHqSZkXs3pMGeh2C:NfIaJxRHgOnN4Zkcydf
                                                                                                                                                                                                                                MD5:4248D1CB0BB05ECFCF5D97BF2C556E40
                                                                                                                                                                                                                                SHA1:BCF119421A620917E41CC1C668849FEA3225DC21
                                                                                                                                                                                                                                SHA-256:AEDF0405E5333C565A1544FF91E2B1DEEBCE8FF75345F90D9A8A3126ACEF669F
                                                                                                                                                                                                                                SHA-512:16C94D5D6C7559C8065159524F867862C112731470F8919DC755267B9CD1E94AF1162A25771DBD2371107132B9AD5F17CA504F86AB1F54AB47B31D2911F5B5C4
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):1730856
                                                                                                                                                                                                                                Entropy (8bit):6.690299064412809
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:24576:PycBozKb96UEnyPwWwnxuNnQZJjD2E1SMR/S5IP616zF1IMx1s:hBozy4UQWwwNnQ//lSMRKa0
                                                                                                                                                                                                                                MD5:5FEF63054D9A2786E932F48D0EB8C7DC
                                                                                                                                                                                                                                SHA1:36718C8A24757E6DA65DDD30AFA78691EFE014BF
                                                                                                                                                                                                                                SHA-256:D88A1E49EC7FE3EFEB41FC61E453CD22468FB729DCF451BF3B1E0C53179077D3
                                                                                                                                                                                                                                SHA-512:475A3E2DF1AE4987CA2E696D0E28E5888379700D86D496268DE72163B46D67D1CA3E336E23B88F7F0BCEE3D4714CE4695E82E6F55010C435E06B1E65194A7005
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):551216
                                                                                                                                                                                                                                Entropy (8bit):6.570850705797673
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:umIF66bAc4F/B7VRZ3KY1B0hZJ6c7fkDNRd2B/hy13n5EWZgsgG4qikXOG4drZ9:TAAc4F/BJ1uZJZxhS3iWZgZQOzr/
                                                                                                                                                                                                                                MD5:F30FBE5D270D3C1D1BC8103D79E80F0F
                                                                                                                                                                                                                                SHA1:CE5C4B14BEC108F97310390A18FD989A1C1E7D29
                                                                                                                                                                                                                                SHA-256:41F81F076D63745AEC9008452DFE5494390507C914D7ED0250571F8AB3721D12
                                                                                                                                                                                                                                SHA-512:2913F9871A991FE43077AB2EF577E2EA03FD0A1DD2135ED72AF0532CD0ED0879858E8B55CCB0A8D876364A10DA45287ADEED5E80E9F2AD27D8E1E55AE8900056
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):432440
                                                                                                                                                                                                                                Entropy (8bit):6.566239028494259
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:wrcqVeM9GnQkW0a+Sdjoe9kDu0GeFowMR5JJLmqRSxnJ8kkG1BL0q3+lsK:Ue40aFP9H0NMBSxvL0AEh
                                                                                                                                                                                                                                MD5:2C96EE7E735BA59488B6A339EDC04420
                                                                                                                                                                                                                                SHA1:29CA05738467C74F9D5E7078043CBC1118E1C3EB
                                                                                                                                                                                                                                SHA-256:E3EFE9F1852535908C7EC2B1B473AA5917D0BED5D0BD2C7D5DC77B603ADF8279
                                                                                                                                                                                                                                SHA-512:94B6A5D24EC7CC15991FC7C3C86A6A51D04E7112AB595163F4DA6CD2FC2D6E38540157C1CBE703D72764EF73C4ABD4E707D4D0FF3E1268FF0AB04AD842A1D680
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):112904
                                                                                                                                                                                                                                Entropy (8bit):6.14105129338038
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:kKN4B8OosZjsM/flInEhNRKdRxRZDFauWFsXwYUivYtzf/:kt8O7GMF+E/RgjvDWFsAFCgD
                                                                                                                                                                                                                                MD5:830154A3A12519882938F7367080CB2A
                                                                                                                                                                                                                                SHA1:B7464994D56D3F8E615EE56A5A6228C52E6E374E
                                                                                                                                                                                                                                SHA-256:67D6CE9D3592927FDF25BA715F0E6AAA06A11EB41C13615234CA508813CD7D0B
                                                                                                                                                                                                                                SHA-512:FD0B691E44E75A85211E0D58D199A2631CE74656FBEC186F1AE3841C93694F395E4C1B64EE14BBF703056EF0F41B111E334E32CA55456EFA11D6FF890238F042
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):157968
                                                                                                                                                                                                                                Entropy (8bit):6.293376030261192
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:2RppMzz2p/xRtqbqW/gU/ULVXyVMn9Qk2e0tnz:YIzypRQb5sd2ll
                                                                                                                                                                                                                                MD5:0D567DB735EE434D9D42C330D9FE4CE9
                                                                                                                                                                                                                                SHA1:AFD1A4C53D18285523221E2E0BC2E757D2B64925
                                                                                                                                                                                                                                SHA-256:D3C0790E53540E6715DB61B512EFA719FD8E195781EE85913FB8832677203BAB
                                                                                                                                                                                                                                SHA-512:4AA7F32051774ABED9FF97FC16178773BF87E853A0BD554E27CFA5D393570A1A29C47F0C9FD2262FE7551335FC2687AF416CE4DC78C484D594B743E41244D523
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):96552
                                                                                                                                                                                                                                Entropy (8bit):6.101125548127868
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:47fyYP9J1fwwSctO9hswiUgYwlFbmj/gJR7SfNNJkZphyNVMifz:4hP9J1fZE9hsw4YcNm0JR7SlfuphyNVd
                                                                                                                                                                                                                                MD5:979452EEF74DA1EF02DDED73AD00E0F2
                                                                                                                                                                                                                                SHA1:2B213C43E085910EE1584D09FEC913837E00FE15
                                                                                                                                                                                                                                SHA-256:13428704A113F49B0D6A5324BDCDC47F8D725BD139600F0E8DB5A5DC37884680
                                                                                                                                                                                                                                SHA-512:4FA9F5FF0BAE7754A8F8C9044153157ABFCC687A1768C63830E2633BDAEDB0A86923E55CE36748AE43EC3B8E79E78C6E9E710290208442501EE248241244071B
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):231736
                                                                                                                                                                                                                                Entropy (8bit):6.473177149043323
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:AnDBNI7bgAZrgyBHSchuzeQ4Ak64myD6uJQ+Y6MFot5PQloV2O1wcdu:S7I7bgAZrB0cgeQe60RJNtN5V2YDQ
                                                                                                                                                                                                                                MD5:D8CEDA452779306A13FF2F310CBEFE60
                                                                                                                                                                                                                                SHA1:4447F82C5A1207B244A0AAEBCE3AB3530CD2BD81
                                                                                                                                                                                                                                SHA-256:93FA4AD1590D704DB6ECAAFBE2E388A5318212CB0A4CE435324EEE0268A11C56
                                                                                                                                                                                                                                SHA-512:7E736F6E0B57F5D527DEDB0B91291DD3EB1FB0324E5E349C4206A025FE3CEAF5B3E1F21F44653F9C6FCAA41BFD8742B4D37BC5B1BEBCD84378D2A52AE9A64F22
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):280864
                                                                                                                                                                                                                                Entropy (8bit):6.508318800576785
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:NpnhH0ESsuurvHsPNTiiJe7ryKSIqqTxM8uGljRc:LhH0ESsuMHsPje7rAsMwlN
                                                                                                                                                                                                                                MD5:1E9B9E443C93C2C10B5ED5A18A6F373A
                                                                                                                                                                                                                                SHA1:8F3D2DEA48ED2B29178BCDC998ADD696D101D5FF
                                                                                                                                                                                                                                SHA-256:24674D754F8DF968CD688EDB57D76CC0D19CA8556FB233B228DC43265F23AC65
                                                                                                                                                                                                                                SHA-512:42BF6AD8C6707F3924AF164F3ECA305678E39F5343C96EC1415D37D1EDADFC0CAC2A7BA619D16B721999909EA773221748905E0BC7A35C9DC641C06A8662DD3A
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):346424
                                                                                                                                                                                                                                Entropy (8bit):6.517886198613069
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:eDpG2K8Efzpt5rc1EGrt5e15/ftXIDndDpek+fs3CU1S5m:upGp8Efn6GG7enfsyHgCU1v
                                                                                                                                                                                                                                MD5:15453335CBB5A8C13B6C3579CB27EF44
                                                                                                                                                                                                                                SHA1:4290DC1F4674F46AF1BFCFA2CAEFDAF6E29D5236
                                                                                                                                                                                                                                SHA-256:2AF7C808F26966E6F607C5E64F8D0117301E0EB3BD830C0731C7B1C2811FEC5D
                                                                                                                                                                                                                                SHA-512:07C36FF474FB60609AD531CCA73B3ED3B6B7EE2F764DEE61F17108D9399EB07627D31585108BE25FC7161CF018893A0FD91BA70E0D1640D48F842376C00CB6B9
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):669992
                                                                                                                                                                                                                                Entropy (8bit):6.743467370555766
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:12288:eXujiG31ToS7RD8B8XmDeXPRkUhIP1dD/m1p6X90QdsAYcNCyJ:eXRGneOkDDI6NVS7cT
                                                                                                                                                                                                                                MD5:346732F74DAD8A8D557FB494D5636E63
                                                                                                                                                                                                                                SHA1:3943BDF4BFB6E4F1A79AB5027BA7E2CC3A88FDB4
                                                                                                                                                                                                                                SHA-256:F8D695445499BCC4CA8A41436DF9167B3A730EE0FECF9DC2A40E998C769EB1B8
                                                                                                                                                                                                                                SHA-512:65E678314C4566823A491CCE1E8EF674E5B78CA1C11C67F86C4EC92FF609D7F66FE9B3433123387ED644B044B7B670BFFC490769C87A9A8D11E868999FA0B18E
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):47384
                                                                                                                                                                                                                                Entropy (8bit):5.320340299131119
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:djM1jzxKx7KzNzY7okroiIpPMOWOYe9zHz:djM1jzsRKB6ovi6WdazT
                                                                                                                                                                                                                                MD5:92C47820207565CCDF190FBA0C055297
                                                                                                                                                                                                                                SHA1:4695E165E2C162393FF43BC86731C50E8AB2C380
                                                                                                                                                                                                                                SHA-256:613B5DC25C72833A5A75BA80C59CFB4CF5522C7A6AD39D2D27A005CEEA72C857
                                                                                                                                                                                                                                SHA-512:B0204A39FC18FD854517E3C90A7459151602F8B6142F622FF168E12C49EBAA9B9BB0E27A87CE708947FF17D526E12A41EC7958AB7A9DEFDC4FC0AA8C3D2596EA
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):547096
                                                                                                                                                                                                                                Entropy (8bit):6.628823968958786
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:12288:ZZ1V7iKdtxaGNUL2Sdr5Nzv0SOFjdP0E/0NYv:ZZ19ietxaGDSzxOt6EsI
                                                                                                                                                                                                                                MD5:E4D73542713F8FB1DD0E7E5E142443CA
                                                                                                                                                                                                                                SHA1:2D4C8B35C2EFA76C1FE95D0107B40781C51E4EC5
                                                                                                                                                                                                                                SHA-256:928CB763462984DF68C19B44B41CF27D002F8B5CB4EF8BA8EB8A6F0602F6B2C8
                                                                                                                                                                                                                                SHA-512:204EC8A2D43C30F2673C4FC7E6543EA0CE71DDB56C0956B0B1B2D8B53A34745E12A09206D6D1B8A8CB019A3D69324DA068687DACCE87255F98421F3723D399FE
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):170264
                                                                                                                                                                                                                                Entropy (8bit):6.42995613243351
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:Pl6InCEQ8/qNIJ55jOpC2poY3ykJ9rijMFpR/8NM:QXEv/8IJOvpFFH8a
                                                                                                                                                                                                                                MD5:F87B4ABDB9661C494CBFC3A1A6F1939F
                                                                                                                                                                                                                                SHA1:5948DD100146C6E2966E5E57A967B990EB6D6D48
                                                                                                                                                                                                                                SHA-256:E92BA4FCBE48EB14259778EC442BF6330A85517D290675E02C7BDDF8C6752ECA
                                                                                                                                                                                                                                SHA-512:B3A55EFC33150937E48385DE402362C4112B51B78C6CFBEACA749997295C4B0CCC9BAB301F69F6C79E4897BAEB344FF273B7897D79489BB0C33ABE7A6A277045
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):67872
                                                                                                                                                                                                                                Entropy (8bit):5.782301099321138
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:/SmwVOWqRmRfYtHQ0Yx82s88krahmqOwA83qJKAFE6WHKV6q6G22N7XK6RH4wqY0:/ShAWqxbYx82s88krahmqOwA83qJKAFM
                                                                                                                                                                                                                                MD5:1F48CE4F560C515D93BE8E631C6639F6
                                                                                                                                                                                                                                SHA1:0CA5F7790AEFC8927B37149B8ED9EDCBDD054872
                                                                                                                                                                                                                                SHA-256:7E1855C9965554D7164BA73D355BCAC2E28C7E253D35D07F58F718B8CB037730
                                                                                                                                                                                                                                SHA-512:C2879328B25CE351C3DFDDE6AAFE1148BEC7499E261FD9FA6380026D17EBB17EC008F4E07F81E08DA90744DF8454FE479F45454BCDEDC105B35AC7316700C9F4
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):43304
                                                                                                                                                                                                                                Entropy (8bit):5.4543981044661525
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:n3WpvwWJRCJtK5ZkEun+JBTeZDeRbOkKsdEbCLv+CTFLfyO5Ei066gaiGkXYA6VS:n+jRCJWDKCEtOmo6jiJXFCl+ds9z
                                                                                                                                                                                                                                MD5:C77A9EC63CC7588D5C7FDAE75CA4BA0A
                                                                                                                                                                                                                                SHA1:912B2FB046EFC6152755A79CC4FB20A096F74483
                                                                                                                                                                                                                                SHA-256:B28FA5FCE149A161C1619A8C40A6B25F6FCB0F44E4C0580B721D38F024AB3CB8
                                                                                                                                                                                                                                SHA-512:6788378D707983AB8DB891E489E1169A214A9E54D400522D6E39FB89B4130A885213947AB3F3AB05201D5AA68B629912E68AB52A05438DD8272DF3C6DF7A08DC
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):100656
                                                                                                                                                                                                                                Entropy (8bit):6.037382679706859
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:p3Y1cu9IUexVQtU3/+wUpHK+yT7G7bw0LCEOsW8zu:p3Y1cDl8tVK+U67bw0LCEOsPy
                                                                                                                                                                                                                                MD5:F60FC5DF9579B7807A41F83996A92336
                                                                                                                                                                                                                                SHA1:F1DFFEF2B7B52DAD59C93B438CD8C9FC8237310B
                                                                                                                                                                                                                                SHA-256:5AF953EEE1E6B527EDB09EB3D51265A08BF0CAA9B57A1064176C7A726E464A35
                                                                                                                                                                                                                                SHA-512:A74D1D0AB4AE318792443D65B1E8F039DD63FEC0BF12E8C140C4C0DC5B28BC6760D17751D8C08C339C43ACF05FD42F6F68E625B7F4E45CAF31A14A979BE55050
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):190752
                                                                                                                                                                                                                                Entropy (8bit):6.370812726125536
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:c2OHqla+5t0nMuTBUuzyDbYCOi+dWuWVyRAIUQeu0IeW+domJM9wNYLbkbmvhZdu:MHqla+/0HdaO1QzIeW+doCmvhnE7mNxa
                                                                                                                                                                                                                                MD5:68AF5E566C3F92B8B5D435E8CF0E4C6F
                                                                                                                                                                                                                                SHA1:C29C05434C7CA82A0BF15A60CB2D4542483A51BC
                                                                                                                                                                                                                                SHA-256:5418618458AA64E2695F6F51F51101E0AF961AA884E37EF2CA4212513DC87912
                                                                                                                                                                                                                                SHA-512:47606C8E0B9642933A81221B91CBBF7FC06424EEF1A37581E5C165DCAC9279C145253CE34D32009BAECB80EF847013FDC355C343C4C7C67BF51843D6A2700CC1
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):17688
                                                                                                                                                                                                                                Entropy (8bit):6.619310311563334
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:m313DLE8RCWovVaWWdX6HRN7IOO2IR9zJgIV:S13Dq+WLhU9z9
                                                                                                                                                                                                                                MD5:E1BDFB0A3C2077F217E94626A9C84D37
                                                                                                                                                                                                                                SHA1:4485FA68954A681EAB2A6C6BB5006645AA63FB39
                                                                                                                                                                                                                                SHA-256:18A45C63385C3F59BD8A503939E2E5C7CD327E2C03219A550E016D6A7CFEF468
                                                                                                                                                                                                                                SHA-512:8D004D51503A92DC1878853DCD028D7865F22392FE194DEE0CEF6DF0B0A0E040BD2F4D33F4F0524DCB130E39359AF9506A6D0F894CE3D6FD16AA54A2CC67C61A
                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                Yara Hits:
                                                                                                                                                                                                                                • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.Net.dll, Author: Joe Security
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16176
                                                                                                                                                                                                                                Entropy (8bit):6.720152735363345
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:yhliwxY2gWa0BWjsWxNzx95jmHnhWgN7aIWTFf/A81BHX01k9z3AZfzpqTJL:yhHbgWa0BWjzX6HRN78f/AIBHR9zQkJL
                                                                                                                                                                                                                                MD5:D548C14C3C17E640DAF27A76707F3BD0
                                                                                                                                                                                                                                SHA1:8318BD1AE48BFFF8D0C5609E511BC5C10C8DFE7D
                                                                                                                                                                                                                                SHA-256:D15A0768577C9E75A3D6FB94D580ED1E32994F4B971BECE03E6AD6EF7FD3518B
                                                                                                                                                                                                                                SHA-512:D57139F4FD99820FDA6BCFFAD86F818125678E7E543B2C68DFDA4EE0C3547E003B290B5DCE23ED43A6D9B3CC739159E151039BC8B1D26A851CCCE4DF287A0FFE
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15624
                                                                                                                                                                                                                                Entropy (8bit):6.743391402121608
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:sF7xIOUCtWeQNW4pWjA6Kr4PFHnhWgN7acWOedNx6RMySX01k9z3AcyNaxQGEHo:K1fWeQNW4YA6VFHRN7edGMR9zPyr5Ho
                                                                                                                                                                                                                                MD5:C9FC19DB9FE74066786403B4829EC5CE
                                                                                                                                                                                                                                SHA1:12240200EC9DC0A64B141761DD2ECF7CCF4D4480
                                                                                                                                                                                                                                SHA-256:8CECA85D001CFBF974FA37ED8C64CF97B619DCA942501EFCF22D4F369BA42292
                                                                                                                                                                                                                                SHA-512:3FD206570AB29DAC923CAA7E1FBB32AE855D7814559534637EC381412CAD6AFB89FBAB99BDA21BBBA975554ECF5955B60D2129F5DECB50D70477E1A4BEC7A18F
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):80184
                                                                                                                                                                                                                                Entropy (8bit):5.8034670220183395
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:anwUGEl0HKXrgcCGfN2QSsMWrHGe36XWD09zgS:0Dl0SrqQN0yHGeqX0O8S
                                                                                                                                                                                                                                MD5:1E2A3C3FCAEE389C04D33C18F3B09599
                                                                                                                                                                                                                                SHA1:6BECEBD105CEDD72DA755A49720D79F23F43C3BD
                                                                                                                                                                                                                                SHA-256:447E24F4BFAB9D7F23DC204B632817DDF933AFD89222CB396402B471DFCA99D5
                                                                                                                                                                                                                                SHA-512:A2BA95117DC9937E60E304384107C09DBBD12EA1BDD3B6210D2088CF10A9A6AA8CC09C83522E54F9F884055FF7072CA4D231273B0DE0BD4E66175E865AB13009
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):13175088
                                                                                                                                                                                                                                Entropy (8bit):6.846434850139803
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:98304:FdVXzmQ6u2Pf1F1HpwajX4p92QKxV36FChEqiPVGK5+k+uiCi:9WuuT1HSajXgJgV36FDqM5+tuxi
                                                                                                                                                                                                                                MD5:8B5EE62ABDB7B72F418D797FE73F2521
                                                                                                                                                                                                                                SHA1:77582007964CBB215278267691A255B63ABE5FFD
                                                                                                                                                                                                                                SHA-256:4CD6810B4EBE8D6E1F5928F2026D257C112380D33B557A60BCFA9C7F2BB012E8
                                                                                                                                                                                                                                SHA-512:870EF275E1E8D1607E2B22EB25F1F05F99346B54651BC119D809BF21F1A6F041EFF801B3B5E1FFBB1897975FEB2C3AA47B3699CC4C63ECA8E3E6A60387AB4BD9
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):2083120
                                                                                                                                                                                                                                Entropy (8bit):6.7084204593562475
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:49152:zEe18SlNT7q8K+sb8VI5fCImJ1MxOouLs32DL2v6EI6PN:zE8Riy6PN
                                                                                                                                                                                                                                MD5:3E4914FB86B55E766730BBA2CF5F9710
                                                                                                                                                                                                                                SHA1:AA6EABD6462F7898FDF34FA71355190A1B915F07
                                                                                                                                                                                                                                SHA-256:96C38BE90900D54FDE8D6DB1B3DE8377C07DAF21E99976D6A3474A9511E3EFC6
                                                                                                                                                                                                                                SHA-512:1B5749D910B8B5564F8D125A5AD62218B3BCFE190692D82F5101A8E53DC604060E3D9211B34EAAA6A9094C03529D6CE0196766AB5F266BEB8064B41314834EB8
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):260408
                                                                                                                                                                                                                                Entropy (8bit):6.615538060259084
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:AfAAcZcInBPKCeDc6Ci9MG3CMeVmtGNFsGu6MyXO:HFKDciMG3HamtGNfuV9
                                                                                                                                                                                                                                MD5:FADC9E1672EBA182AD57E6FF27DF1797
                                                                                                                                                                                                                                SHA1:774C74089FCEA3AFE0C7CA1A0B496C999392900A
                                                                                                                                                                                                                                SHA-256:DC01ED420EF427086F0057013D7AC1CAC07E2483E4CFC162D09DF1B64553892C
                                                                                                                                                                                                                                SHA-512:0650F9ED9C86103CC66871B4558BA9AE291273FF5E0DC0FA7468F3636AC6896CAA8C9EA714ED821B55A519C6E1B1F5BD26D6DC7196F8F2BBA6215F355A2BE602
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):403768
                                                                                                                                                                                                                                Entropy (8bit):6.602276363545423
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:oxERCkFa5oBSKGFCoMPxSOpXQgVuThCDCaY+zrZjzEOQlIZPKN:ouRZM5oHGhU/4WCt+z1ffZo
                                                                                                                                                                                                                                MD5:1BA13843CFE69115B69B9734F08D8C1F
                                                                                                                                                                                                                                SHA1:D16B4DE6A429D77A9B418E545072B6540AAE10BB
                                                                                                                                                                                                                                SHA-256:13602313FC8BF7F6BE2183DFE3F07B10CCE450566D7CDE619C238D05137338A9
                                                                                                                                                                                                                                SHA-512:382DA8E0580447BEF35B2813212634513B6F180664ADB7A3DE072D92FD9485495905A13A0A40319B2C0FF02C2A05549697C1A6BB651C2A42E9F172EB1D9BD68D
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):7989544
                                                                                                                                                                                                                                Entropy (8bit):6.802297198301812
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:98304:CgB/y99HaDD1OMe3dpE/dhYw2knN5WUFX5cha:v/uaDD1Ox8YoFX5cw
                                                                                                                                                                                                                                MD5:E166C44D116A2A649FB8BF58B8DEAE69
                                                                                                                                                                                                                                SHA1:E66C37FBA5E3C405DD21C464343B87E173F1FB45
                                                                                                                                                                                                                                SHA-256:79CDAEFC221388C3E5B9AFA137F8E4A44366CAC0CCC617BF1F5B6CA0DC95F3F3
                                                                                                                                                                                                                                SHA-512:852C80299D20B6D5D7EBCA7C3D76DA1EA36CED6274374AF8ABD8F484C356321090E784F8C5E8357D1B4F6AC49DD48F81A6642D0D95682BA92C50E07EC25A20EF
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):76048
                                                                                                                                                                                                                                Entropy (8bit):5.943118914884181
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:2NTs7klOJRVNvKzBMuSxRWHJQZYoqNTJodiOEp4z0:2VxlOJXNvKKxRWnNN2xXQ
                                                                                                                                                                                                                                MD5:202192E1AEDBDBD47B4C755227C9F174
                                                                                                                                                                                                                                SHA1:FB61C5557319FA1BBF82302AEF46C331EFD8348B
                                                                                                                                                                                                                                SHA-256:F625AAE4F7A839B16834764BCDEC5F8008A5171AB1AF77277B4861B077078D25
                                                                                                                                                                                                                                SHA-512:EB87E36BA74192A177D9649E3B583A72B15C8AC3B8ECD991A56D449EBE99E2CCB3D667FB937055623584EDA6B271658784F9BBB51343843D3317F311C2980154
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16176
                                                                                                                                                                                                                                Entropy (8bit):6.7440217236656395
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:EXWj9xP9WVTUWDeWxNzx95jmHnhWgN7aIWjYe2YHnsTX01k9z3A1Rrn:vjH1WVTUWDlX6HRN744YMTR9zUR
                                                                                                                                                                                                                                MD5:AB6EE54636B88E5FE0DADCB9F24D907D
                                                                                                                                                                                                                                SHA1:FAEDDCC767249EF0208A907DB50ECAEF1AA1F91F
                                                                                                                                                                                                                                SHA-256:7C85F57B009B38E7F62DE0437A652966DB39134DC95527E3F60EA1B3334E23EA
                                                                                                                                                                                                                                SHA-512:5131F86CD07BF1BD434E039EE7F0BBBFDF772F5C01EBD6F0968B5E6E5567F0C4130E7621B7D4489698A77BE6543D256ED4217CDA84E9178ACA1FD0F70E507DFE
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16152
                                                                                                                                                                                                                                Entropy (8bit):6.719210609725614
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:7nnux2kmOWxEVJWWWGkWxNzx95jmHnhWgN7acWE1AJvxwVIX01k9z3AXaKrPDs4Y:wpWxEVJWLSX6HRN7T1w9R9zEFrbw
                                                                                                                                                                                                                                MD5:F6781A08C2B18C6D751821744820B6C4
                                                                                                                                                                                                                                SHA1:F10227DE4488F3E6E753D4FBD1D1C017A5E23205
                                                                                                                                                                                                                                SHA-256:9356D1216420F334FF6DE21F1ABC93609EC7B037471453EC722DE89CEA954D45
                                                                                                                                                                                                                                SHA-512:1270DB17862A22352BC8737B88B33C4FFD03146F2DEDE9F8DDB144D1F26BB8FFA35183FF9E99EDC408D7E14524D4C6CF82E833B4992446C982778A842C050D23
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):129312
                                                                                                                                                                                                                                Entropy (8bit):6.1169104642443894
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:qShk64jKiEAYbKatyLJBsVkrc10FBR7yqwA:y55fSe7sungq5
                                                                                                                                                                                                                                MD5:F3C93B3779D56D80D784BA712A74C9FA
                                                                                                                                                                                                                                SHA1:AED1E91233D0DFD1937354D4A94C5447B87259BC
                                                                                                                                                                                                                                SHA-256:5BE721DD3FEB1E56284390D592B81C1885F50BBEB567C53EDB8DDC1CD3210DD4
                                                                                                                                                                                                                                SHA-512:A1CEC4E076613695FCA1336B4C40F4EAE2F049CA5CEE522EE4082F3BF74C3704DF41655E00A806365A216110A7997DA0375DF74F5CA58FF072647ED80E352BDB
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15656
                                                                                                                                                                                                                                Entropy (8bit):6.793667220027114
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:Vv8XzrxAlvUWKZWWGhpWjA6Kr4PFHnhWgN7aIWxn+EYHnsTX01k9z3A1Nmjl:VEDlAUWKZWWOYA6VFHRN7qpYMTR9zUc
                                                                                                                                                                                                                                MD5:92E0E5A63D25B9C3AE3983FD1B126A8D
                                                                                                                                                                                                                                SHA1:AF7095C2D4D58A19F205ACEF1019064905F44EF5
                                                                                                                                                                                                                                SHA-256:F006C1DF74494ED22ED0ACE97F4D3D1A8B2B5C65DE706D201B76146FDD5EA6EC
                                                                                                                                                                                                                                SHA-512:92A3F172F88E4BCE2B7651801D7FBDCC7C5BBFC242D60FD416EC6DDDADC4E0BB98ED24979B0FCB008B220D7EB93EE45C4DC39E4B030A4F9F23AEA94FC8ED82CC
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):1116440
                                                                                                                                                                                                                                Entropy (8bit):6.644311003487164
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:12288:/3e0zkmiwp8+2KFhA8WDlLeO9om5EoA/mSdWDURfeGWFbrWuoDzAVdrN:/3e0rdp8ihocOWm4/iamGWFbB3N
                                                                                                                                                                                                                                MD5:64E6830F63DE5F8F82A4F45BB5AAC4E1
                                                                                                                                                                                                                                SHA1:3834E21EAF634DD532FC3D77B9F2449BF9F384CB
                                                                                                                                                                                                                                SHA-256:A82DA76C39DD2287B580986C9D21E7405E3B9D43953C1856AD9036E117462A2E
                                                                                                                                                                                                                                SHA-512:EE57142DD8A3036F0D545408FD68B325FA614615412E94F49536C391C009809EEA17E17BA3581A8DB4C2A56DD3E761A21A7BA3458E537F086270A45099504928
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16136
                                                                                                                                                                                                                                Entropy (8bit):6.781423994083627
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:giSI4jCaxPtdWSx+W3pWjA6Kr4PFHnhWgN7acWbRQRfKDUX01k9z3AyCWtQG:GPVdWSx+W3YA6VFHRN7PpR9zldtQG
                                                                                                                                                                                                                                MD5:92BFDBCC5A2A2BC7DB8AB7A1D759B827
                                                                                                                                                                                                                                SHA1:09C260B069057E7EDA73BAFB78DB6F5A5968F5B1
                                                                                                                                                                                                                                SHA-256:081035E2019F5614F08BBEE64BA2D4B93958A6F1F6EC7CAD305109519DB07C9C
                                                                                                                                                                                                                                SHA-512:C43D173D96D9743A5917F02F4299A36A15C99252C271DC5076EF80DA0ED06088A8300DF7F31301F937E641E6B91FAB7AD1F5F0B6A57AE4DEF5196884F71F1ACF
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):43312
                                                                                                                                                                                                                                Entropy (8bit):5.201190108733127
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:oCWmBeW8p0YckPuTNRyVP0a+SKuD6tdjRGxX6HRN7j81zxIPaR9zEa9:o4qckWTwD+juw6Wj81zxOW9zT9
                                                                                                                                                                                                                                MD5:E58204BCE15E07EC0E3A9E1BE50DE9FB
                                                                                                                                                                                                                                SHA1:E9EB5D8BA8AB976B0FB4A8A267898145DB7BA2F8
                                                                                                                                                                                                                                SHA-256:1C5AC607683FC37DCEC16FEDD9360DDE2A214444596E3C2EA922EEB0C5E22EE9
                                                                                                                                                                                                                                SHA-512:D38BB77B4E253748E18AAABF8817A7CFFC802A5E42E889107A8763B1833F4550D313EBEBC7290079023A4617E1533D2CA3F78A2017908901B0A50496EB589BA7
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16664
                                                                                                                                                                                                                                Entropy (8bit):6.685947251423688
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:y+CkNQKYxA7qjWhFCW0WxNzx95jmHnhWgN7agWBBXLrp0KBQfX01k9z3AA7OfL:ytjXjWhFCWbX6HRN7oRxB+R9zpifL
                                                                                                                                                                                                                                MD5:6AD5CAD80276892BA4CC02B27E85BE12
                                                                                                                                                                                                                                SHA1:7333C6F4682AD9C77D9FC319DFA48372A5CA321A
                                                                                                                                                                                                                                SHA-256:ACD8F3EA0B145517E9DBE2D276B174DF4C7EBAAE28ABA62EE2303A8AFC83235F
                                                                                                                                                                                                                                SHA-512:5C010AC745B3DBB5D22149DC8C373B2ECC9D9EB38566714FF23119C4FB0BC03B4A49607DFC073DE5912DBD8B4583E80C1E528CD5710C1865CD1CD18CC7CC08C6
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15648
                                                                                                                                                                                                                                Entropy (8bit):6.7745107157816
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:nhDOxAmBW4+3W27WxNzx95jmHnhWgN7agWPDucADB6ZX01k9z3AqRariR:OfW4+3W2UX6HRN7EucTR9zlRarM
                                                                                                                                                                                                                                MD5:B60D236051B2ABCB66F74C4812223C62
                                                                                                                                                                                                                                SHA1:8786DC5545047F56D1C909265841212C203ACE2C
                                                                                                                                                                                                                                SHA-256:4EE54B35DE61268A3C9DB9A80DB5F005B49C134F5E9CEDCC0B31CDC2D120058C
                                                                                                                                                                                                                                SHA-512:93873F04B3C5B8F962DD376DD7A3B0672F85F086C5E8BA08478488740D8DCE9D77679B8524E210CCF4F2386D8CE5CDFFE17C2709C79897C7F477A6ACB4D59AA5
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16136
                                                                                                                                                                                                                                Entropy (8bit):6.723144015881292
                                                                                                                                                                                                                                Encrypted:false
Malicious:false
Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):51464
Entropy (8bit):5.757823712774265
Encrypted:false
Malicious:false
Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):15672
Entropy (8bit):6.804784998922409
Encrypted:false
Malicious:false
Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):31032
Entropy (8bit):4.668485682155773
Encrypted:false
Malicious:false
Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):18224
Entropy (8bit):6.562338179216365
Encrypted:false
Malicious:false
Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):15664
Entropy (8bit):6.814505381555342
Encrypted:false
Malicious:false
Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):51480
Entropy (8bit):4.96736494913135
Encrypted:false
Malicious:false
Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):15672
Entropy (8bit):6.847005993457445
Encrypted:false
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):96544
                                                                                                                                                                                                                                Entropy (8bit):6.028171254215127
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:4o6MupEelCtJfKS6+67NspnSPM+l5+CkmVhKWHOiOyzUizB:4o6R3lCto+dSPM+rJkm7NOxMUil
                                                                                                                                                                                                                                MD5:1DF866F691DEF4290407F5CF01B996AD
                                                                                                                                                                                                                                SHA1:B2BA5AF3F80AAB63EF2FECF6341B44DEAE201AC1
                                                                                                                                                                                                                                SHA-256:127EA3F2FF47CEA14C082B2ED22066554D22C9D8F97DC0D403B17042FAC62A5B
                                                                                                                                                                                                                                SHA-512:6F96AEC2ABF7F6E96B7699F67CC8547334277C8E502E6ED357713C54B68FAF264B1843EA42E6AB0F7C6AD7DCC1098B9042E1D5F15E93DB6F8D346F613D1F6A1D
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):17208
                                                                                                                                                                                                                                Entropy (8bit):6.6141833133111865
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:JYzYQZrDroWmyLWyoWxNzx95jmHnhWgN7a0Wdd7/mcj9BtaFFX01k9z3Ay3mIamu:JYkA3EWmyLWyHX6HRN7k7/mi9WR9zB7I
                                                                                                                                                                                                                                MD5:66227035D9417A2E4B4FA6598FEA969C
                                                                                                                                                                                                                                SHA1:398C254B721337177A5BB236D49CA6E2B218095E
                                                                                                                                                                                                                                SHA-256:3A18C5B41B723D5DABA3088D621D4EB8DCEB97FA9B2C4A850D54FD4381DC3C22
                                                                                                                                                                                                                                SHA-512:26D4059CB06967641E5A935B36A7AB50FCCE0B7374E62BFE275B2C138B46ED9B8CF1E4B1F7C029586B8D9DD913F736EEED8C7E489A5FF682AAEF67DC2202E0E5
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16184
                                                                                                                                                                                                                                Entropy (8bit):6.74808977719352
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:pDUElhzxNeW5ZGWnWxNzx95jmHnhWgN7awW59FeHqj9BtaFFX01k9z3Ay3mRcbe:dUEl38W5ZGWoX6HRN7g9EHk9WR9zBK
                                                                                                                                                                                                                                MD5:4ED4A34C35F7B26E8E246D16C2DE6A53
                                                                                                                                                                                                                                SHA1:2FD8657B37AE7750FE1CADC7D555041063CAF821
                                                                                                                                                                                                                                SHA-256:F106DF84A047BA38B018AB7BBA10E2D2D6B2A5FFE5762CE8208C339AF3BB21C6
                                                                                                                                                                                                                                SHA-512:3A7CC11E455ED511313366B5A2527BC52698B8958E9E7E20B56768C9561D10BBF13A2D327AE0467A5DC64F7643B8D16D6A65CAE1C4E1CED6F62360C9C535F90F
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):330024
                                                                                                                                                                                                                                Entropy (8bit):6.652134966205565
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:K103Ufy7eeqvaM7BWp5lsQV57Q5t9dtIKcB9+:K10kfy7eeK7MlRV574t9dtUz+
                                                                                                                                                                                                                                MD5:3ACFFC369AECF966DD9C9E1F6FB966B6
                                                                                                                                                                                                                                SHA1:AA0A79D6AA6760A71B2A2E47E03BE0A43892FE1C
                                                                                                                                                                                                                                SHA-256:55D0E21E8AD1F851E0803AC655D9FCA5BEDA6692592FEE421C179AF64109DA43
                                                                                                                                                                                                                                SHA-512:DFB97F5F791CBBD7C308754BBEB4D63A0AFF098313113B931E74CF824F67B765D3667662840BCBA8DCC9BDB07960D83408B7227A1749A6905CD1851C7C0F15D8
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):309544
                                                                                                                                                                                                                                Entropy (8bit):6.565288812451409
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:lzv7WOXu33WPEei5EZNqHRk5XDiio9gZbzZYNAgk74dzzKL2zLjRByB+dhBDIoca:rWLtBxTDhcnFUB2aKg97zc0
                                                                                                                                                                                                                                MD5:5D3970DB4A500B2349BFA20B83BD69E8
                                                                                                                                                                                                                                SHA1:A4DDB5936ABE75A46A83A293771B2434E3C47A83
                                                                                                                                                                                                                                SHA-256:748CCE10A02BBF3D24A1C6D7FEBFF0E5A8E7AE2E9C423BC904643B8D54FE6297
                                                                                                                                                                                                                                SHA-512:3F57F56FF97E63FA130A204DA1B63811D0B77EEC9B41A70F12204855B395CAB6C6169972C20B149DB4EF6148313FCCBEAF6FDEC5F228EDC06400711F6E9C0275
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16136
                                                                                                                                                                                                                                Entropy (8bit):6.748110626945014
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:JkByVWbuodB5W+GYA6VFHRN7ykhpR9zldp:JkByWVdBRGFCl3D9z1
                                                                                                                                                                                                                                MD5:44DBC666AD269986DA0AA1D4870DCC43
                                                                                                                                                                                                                                SHA1:787AFE4CF6DA55E71A0BB946CCF9BF41FA0FA284
                                                                                                                                                                                                                                SHA-256:53BDE641865F6240C7C7228809953607A2609B72D096197EC07495E44686F87F
                                                                                                                                                                                                                                SHA-512:663BBD7021ECE6A80CE2E9A02AADA4EB5EEEE54155DEB5E389F28C3E45E7D4E31CD2E1C8A49D4F626CF5AC226B416C975AD76F0F4B4E8B756D136D950ED5019F
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):39224
                                                                                                                                                                                                                                Entropy (8bit):5.151825928966964
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:tHWFISJBrW2ANFdBha0I5qzv80n+a8+gEOR9pnUkO2akIGt6HHD9ax15JRXSCX6r:tqxJBgjaVyU+g99pns3KNWw9zn2
                                                                                                                                                                                                                                MD5:977C08FFE5527A368DD5DC4F6E5743D5
                                                                                                                                                                                                                                SHA1:A9BDBEC552469651D6B74AAAA211DB2895BAD869
                                                                                                                                                                                                                                SHA-256:1439D12A15B1745DAC140FBBC659638D665A86F7ADDA6B4369D9F50E008256A6
                                                                                                                                                                                                                                SHA-512:0A588E32424B43D3EA74A7A8FFD7F54BD069F4BADF7A4C134DB8A8A25EBC49FCB472A3F76CC08FC2C9FCA026AE8FF6E05A2C943E45D757B09447C105343664D8
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):17200
                                                                                                                                                                                                                                Entropy (8bit):6.683002357395069
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:awskrZI8NuKRMWsBfBBgWP5X6HRN7Mz9bt5R9zEx3g:6krZI8NuKRiJBBTWIx9zP
                                                                                                                                                                                                                                MD5:992AA05D8ABFFC669C94BD88A399D792
                                                                                                                                                                                                                                SHA1:916EF573E5D82591100DD06C6A6FA8C80A7418E8
                                                                                                                                                                                                                                SHA-256:D37E6A8F6B3882C3F601C80880E6A9721C42A175C29F553695B42C16774585B6
                                                                                                                                                                                                                                SHA-512:087F0A38A67246FADB517F54A0BEBFD11D7725D90960822137FAA82A3661FD18033C9761E70BB24D7551C84902D07721E2D10D1C8250BB51C53385136F78485D
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):17192
                                                                                                                                                                                                                                Entropy (8bit):6.684282851066347
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:LkXP2tNCj8N8LWgMr4BHWGYA6VFHRN7GkELRPR9zjO0jQp:LkXutNCj8N8Po4BlFClxQ9zKhp
                                                                                                                                                                                                                                MD5:1B4D714283918CC3F29285ADCC30CAEE
                                                                                                                                                                                                                                SHA1:FE85DD75367C8AB9AA9CD6430C553A18237C1F8C
                                                                                                                                                                                                                                SHA-256:06CD0BD2011F05F72D0F413489443354D7946A33F6B78B1DFDC939A8F9080696
                                                                                                                                                                                                                                SHA-512:314EAA273347B7A28DEACB78E25D6495090E8DC5594C3CF443DE7D5EB748014B37EA19BA36543FCCC7FA6CCB1C259E33AAF662B05AF3F824B8717E67E555884E
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):43816
                                                                                                                                                                                                                                Entropy (8bit):5.851306072446327
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:2+1fsSED2vCeDQvRzXB3gWql6375IVxedktN7xPBhwsR/JG39QRoNvsh2JcfoDLu:KB/LuYdy50b4b7RSHTSkingzIh
                                                                                                                                                                                                                                MD5:DAC7D72763E59A64C0D706325B747D92
                                                                                                                                                                                                                                SHA1:5890F0EE30B86E01AB55D6017261554D16F6C916
                                                                                                                                                                                                                                SHA-256:9C506C9347F872C3375255F744DCF83B71A96FF71CBF4A19B39873FA22F73C22
                                                                                                                                                                                                                                SHA-512:4218CA96D6D2D4E24E3B6A70A87890A9035156D522D217F48999870F644548A7BC5C09B78B23DE41C5974C375F9D03ED49054A173B4230AE835FF808469CE50A
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):231696
                                                                                                                                                                                                                                Entropy (8bit):6.491225217557608
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:7XHFwjow9j0rKu8bmb3KD/L8V8/6Xe9QF+wVkjoxFwGzXGA/+PXuPXpP:hwjow9A4bmrA/mtFdWfuPh
                                                                                                                                                                                                                                MD5:AEC18CE525B03B3359FBC19E00D6FDED
                                                                                                                                                                                                                                SHA1:F69D5504D3A4107B43E743FB714B2EE8C340178A
                                                                                                                                                                                                                                SHA-256:DE77B6A860B6D1E9DBB6E260EF352AA9981A4A76C18A3BD144A6F8F041BBCF64
                                                                                                                                                                                                                                SHA-512:0D7BC1B94563186D36276E57FAB09D85F1269BBA230331077F61C8E96F53A0F97B99AFA6E6859C8A0F378C2B44979B2098C3841FF639B134041459C69FCE985D
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):100632
                                                                                                                                                                                                                                Entropy (8bit):5.968533454375661
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:mt2q/as3w2pm4X+bX5SdluDQu6O/UZxOQwQ7rzUU3q2bP64LrSjYFFQWEzwC:mMU3LpmG+bJS7uP+pXSsFKvT
                                                                                                                                                                                                                                MD5:31E935263D51F39C224E403BD5D7CC00
                                                                                                                                                                                                                                SHA1:8AF5EFBC150D8F944ADF84F89BFD9C11D00183E1
                                                                                                                                                                                                                                SHA-256:9AEDEB23632F45084722906CED314074FB14E08478545A221AB6476FEBBAFF0B
                                                                                                                                                                                                                                SHA-512:6B95226C760DE73C85A4A9ED972C1F51F14B50087BCCAC290A31813FF3F6F882F7B5C7EE21352F504ADCB7324214827D32BF9FE1DC34447520D97A7C12758D1A
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):17680
                                                                                                                                                                                                                                Entropy (8bit):6.616772216364839
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:nXqqGWqkBWxYA6VFHRN71aEpcR9z0B7i7:XVFoFCl1aEpw9za6
                                                                                                                                                                                                                                MD5:3E2C2FBEF86A88B2BF2FD8B177FD6D0A
                                                                                                                                                                                                                                SHA1:3B2B791ADBF69F9A37597B80FBA9E9932E49A6BD
                                                                                                                                                                                                                                SHA-256:A28C5AD8CFC585C3D225B07AC28C359EACE65765EAA306FF44D7A6511262792D
                                                                                                                                                                                                                                SHA-512:6671151577CC961CE2C016543EE78C6197ED5BA9ACBAD855641AF5F661BB0BB4A5253E9E7BB5AE52253ED451F90818289826C242659ECCE405C25F1B0092C83D
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16664
                                                                                                                                                                                                                                Entropy (8bit):6.725385029818809
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:GvVnAxNaH3xA+Dr+jWx2fWRFWxNzx95jmHnhWgN7agW3GByMyttuX01k9z3Al6td:mbHh7KjWx2fWoX6HRN7W2cSR9zi6tL5
                                                                                                                                                                                                                                MD5:B00B172EC15D23D3BED84FCFA40D59D2
                                                                                                                                                                                                                                SHA1:2B98143649573E5DF30EE989D46D1DE956BDFC4F
                                                                                                                                                                                                                                SHA-256:A589AC8A9E90BA4F3E96CEC8B360B894DAB5FBDEF0004EF428258A9DC28D309B
                                                                                                                                                                                                                                SHA-512:3822F4DC24FF40893470D15E05E4E54933D19350227CF07696231A8C7EAF955AC4B303C075FED0AE2AB6C25BF790F889178C06F340F2D22BFA342231EEE6E5F9
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16152
                                                                                                                                                                                                                                Entropy (8bit):6.795290241765418
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:sSbUikV/AvcaTAFCA3xAiHIRWLgtWhW+WxNzx95jmHnhWgN7acWVxwVIX01k9z3G:RbUlhfIRWLgtWwFX6HRN7eR9zEOrc+E
                                                                                                                                                                                                                                MD5:E593AE76E4CFAC375120915947952FF6
                                                                                                                                                                                                                                SHA1:8015474D50021C65A65867636086E4A8A3A6F347
                                                                                                                                                                                                                                SHA-256:5DA38D4A9EB67C2EF23B416A505E0FDB2A22FD5FE45D241645B37B5B5F0BCCE8
                                                                                                                                                                                                                                SHA-512:43C7368A394B119839BAC8FC2B0F9213307C84F297CE480C0BFA3DF6300F3AA7B55E64E789D1EF619E88364387CB11D2228015D3A2CC8338596348D7B2772A0D
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16160
                                                                                                                                                                                                                                Entropy (8bit):6.7458016577263
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:szoXpW5ZWWLhX6HRN7SmO/7R9zj2INRSX:szoXGDpWfOF9z6b
                                                                                                                                                                                                                                MD5:FA0C6A5EBA91D8A8B17232345900DD2D
                                                                                                                                                                                                                                SHA1:75AE67259791C5D4F580A9D2E0E7A892CB3B0902
                                                                                                                                                                                                                                SHA-256:AA82B36AF87D73B54AB0F0E5EFD9FDB16AAA6D3F385F238364ACD36E482999F6
                                                                                                                                                                                                                                SHA-512:8A76EF22006A7D4D3DF580CE00D310574251A91E942400E39637B57840EFE8386E51E27C92839E63038397CC900EFF43FEFD68A6E8820FF0C03CAB924F7DF812
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15624
                                                                                                                                                                                                                                Entropy (8bit):6.84073937768766
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:sygdxAWK9WAm5ijRW8ZpWjA6Kr4PFHnhWgN7acWLmFGyttuX01k9z3Al6tLw737I:ca9WAm5ijRW8ZYA6VFHRN73SR9zi6tLr
                                                                                                                                                                                                                                MD5:09D34FE80AF19BF5B77BBEFCC01F6E6F
                                                                                                                                                                                                                                SHA1:0A4FC9635C6710682C6D7FE32F91DC28C29ED7BC
                                                                                                                                                                                                                                SHA-256:F644B4FA91D1BDC0596F390C99A123C206D0115FDD18CE778A23254066F46270
                                                                                                                                                                                                                                SHA-512:E8131DB3070617A09955EFC7D267B2687A6FCFB7BD061FE027B54721C461E4D7119A0E80DD346865D187BE548001064A900479E99922835D90EC1222659D3DEF
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16136
                                                                                                                                                                                                                                Entropy (8bit):6.783350992582665
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:IJ6y3F1cxAKh7jWI+3WepWjA6Kr4PFHnhWgN7acWWPVs8RwX01k9z3AzBhJ:pW7KLWI+3WeYA6VFHRN7Re9R9z6HJ
                                                                                                                                                                                                                                MD5:67BD5079FEA8657220315ED9B2DBAF97
                                                                                                                                                                                                                                SHA1:63F0A66127FEF3021E2B64B53758FF202C3318FD
                                                                                                                                                                                                                                SHA-256:13BC715968175667FEC2E02B13300F5DE2A867B754B79439D2633FF3F9240560
                                                                                                                                                                                                                                SHA-512:05B77B8A04F623F79E91D3381FFBABE7865089EFEFBEB29CDB016856C80D2CDEEB72473872D237B9A23F937CEE82021165BFF05E51065C4F8DE71B5B273A6EA7
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):37656
                                                                                                                                                                                                                                Entropy (8bit):6.5556240105252215
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:2iw9pjvYwx7FVx7YvcT+ClqBN0WrRxw9zew:2iwLkAFXfllq0WrIzew
                                                                                                                                                                                                                                MD5:FDA921FB799406EB3F8F68B23A4690A4
                                                                                                                                                                                                                                SHA1:9BF2AB8EE33A83F88898AE1E29C9EE58B298A277
                                                                                                                                                                                                                                SHA-256:DF4611DE8DA1B0A9C643C94CDCE53FCBCFF3B6169AC6482DB917D47DD3BCA0C6
                                                                                                                                                                                                                                SHA-512:D142EF66DBAF43E5F0A20DAD448F0FA1F903B42318A0B310DB3B29B9DBD27FB62C6CBB635CA6D5ABE61CFBE3E5BB6186D28D8E11E8ECA12239A2ACAFF4944C90
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):17184
                                                                                                                                                                                                                                Entropy (8bit):6.739673851144617
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:kw7H2ocvxA4fjxWemfWkqWxNzx95jmHnhWgN7agWMVkCY00pyEuX01k9z3Aly+E2:DH2ocZpWemfWk5X6HRN7LVVEpcR9z0Bv
                                                                                                                                                                                                                                MD5:3CC8CAEBB57D05D1909F39A6D647B901
                                                                                                                                                                                                                                SHA1:29F8797E4DD7F5BCD863FFBB7888029BD363361B
                                                                                                                                                                                                                                SHA-256:5826E377C017BB5C872E173DB728BB38FF072D1E0FB26B8E19B9ECA088752918
                                                                                                                                                                                                                                SHA-512:927D96034350439D2DE069018158A2A9F2C9BDEA8520AA09B3232ABD2C2283B41EEBD2A661A46333D4F95339B5191FC72F6F192FE7C6C6C4428BAD5661CC76C7
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):2050328
                                                                                                                                                                                                                                Entropy (8bit):6.67414937170935
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:49152:edeK2ZryEXV6VZMxfVRVgmJE2Jjd6ECxObm8w3b41R:edeFfxfxgeu41R
                                                                                                                                                                                                                                MD5:18921E60094E6EEB74476CA10F785368
                                                                                                                                                                                                                                SHA1:CA39FBBF0481B521F289C189892CD4BDC6D2D09C
                                                                                                                                                                                                                                SHA-256:028606C9C16ACDE6BC7874809E2417FE6FD7BA94D3DCFD04CFCE5A4C21F16FF4
                                                                                                                                                                                                                                SHA-512:0BC5B20C232E9F13EC372FA6BE23DE495D9EE0FDBB577C104EBCDA0EE349F9282A68B3C88997337EC2ABF0DAC01885143BC9188B3308CAC5C1263112CDF8495F
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):92536
                                                                                                                                                                                                                                Entropy (8bit):6.1674565969059065
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:MOL/mLfHu4bKQI8qWMbnFMRyWBLa+o6jcxbgbfW:efpKQI8LMjFMzBLa+o6jtK
                                                                                                                                                                                                                                MD5:3A92C18C24D85F60F23BECD852F1510A
                                                                                                                                                                                                                                SHA1:F8EED1FAD4218F32A1251FAC65D42DBED903FC77
                                                                                                                                                                                                                                SHA-256:74EF3B67960A9B569FED9AC457157769DBFE433B0F4FA13C52167C2246BFED71
                                                                                                                                                                                                                                SHA-512:BACDF908AD5A92577EB12EF3A7342B8D4DAC67C5D8FDEEEAE044677D0D35DB64CAF9878C1F1B96F30549849AF3351588AA5271C1C6D2B6003658554E553D4911
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):186640
                                                                                                                                                                                                                                Entropy (8bit):6.420537455369693
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:72kZDNC/sCTyRdtl63xJYrwkpDCRi1CSB2TOK1BguZbKXm:7U/sC6Ll67YrLpDCR4B2rPjxK2
                                                                                                                                                                                                                                MD5:7C560E02F8DFD723471F71CB71C0CCAA
                                                                                                                                                                                                                                SHA1:C1EA98009AEA6C3B12E078965CA3472E44EDA305
                                                                                                                                                                                                                                SHA-256:59815FEAB7B47ABF6E7D4231A7081452B256704A3834C6A927A9E74C03897B9F
                                                                                                                                                                                                                                SHA-512:32120BCF4D3E5C7A5AE676688FA8F0102C752E059C5EAF8987B37EAF3436C6892F9D1E7B3C531DB808E1E554316E24ABB0E3848705517833309954EBD537B037
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15656
                                                                                                                                                                                                                                Entropy (8bit):6.8053996554852345
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:CB0LZxAyk4jWVUmfW2fpWjA6Kr4PFHnhWgN7aIW5agiZTOebR5X01k9z3AZZNFrg:zLD+uWimfWcYA6VFHRN7b9bt5R9zExr
                                                                                                                                                                                                                                MD5:C9285D5497F2850234F48A0CF5619C0F
                                                                                                                                                                                                                                SHA1:1B3AEAF0C40E401C1A2B4C19EAD12314B5782DDF
                                                                                                                                                                                                                                SHA-256:902D836B8CB066DC2279E4DE0979B5A380BDCCCCFA69634BA51111CAC2BE2F44
                                                                                                                                                                                                                                SHA-512:5EE72864A21C23B1AF540DAD95D67348837467A3CE19478B02223EE220441E40388B97C8E1110452F32EC2FB04BB63B649E49860153B5B1DF3F4D37D1C37866B
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15664
                                                                                                                                                                                                                                Entropy (8bit):6.831153527632702
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:XMBPxo2xAjD/W1O3Ww81WxNzx95jmHnhWgN7aIWbTmAg7iDtagQ5X01k9z3ADqng:El6/W1O3WwpX6HRN7lriDtdQ5R9zaqcx
                                                                                                                                                                                                                                MD5:8CC719E1BA62CA6F7BAED90FDE41BF8A
                                                                                                                                                                                                                                SHA1:6F28D219D46E0A87658E0C46C5DABEFAE795F121
                                                                                                                                                                                                                                SHA-256:1AF90D82A617AFB3BCCFEEA39B6D18CFD3A7C93CC80C8B75DBFF0FD2E75E7BD8
                                                                                                                                                                                                                                SHA-512:E693831E7C4DE5BF2BF955A64D27B84F9ACABDC2BC6D7F150C582CE05E430C36BF48B22680E9A9831AE73A0615FD522576C22DD015CDE7D629413E200E5F138C
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):18712
                                                                                                                                                                                                                                Entropy (8bit):6.530599284978063
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:jIhDM3WsKDWYX6HRN71nRxB+R9zpj5g9Z:jIh4iPW1nRxw9z15sZ
                                                                                                                                                                                                                                MD5:0E43639AE0E98F9148C913477276A391
                                                                                                                                                                                                                                SHA1:507E7B61569746ED20B920BCAD7D5C803D1E7736
                                                                                                                                                                                                                                SHA-256:C0F486C4FC818613DFC50485F7201B5A59A79851C3CCAB2FD75EDAB2456C33C4
                                                                                                                                                                                                                                SHA-512:1340334B451CC8F81D4FF525F5EE47988E3339921A8891CB5B0026E32669FCC0363D560478C05A81A7AAE4C81CE018CBD0DD6510DE94DED13B0892CF0EB424D7
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):17176
                                                                                                                                                                                                                                Entropy (8bit):6.64645995156569
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:y3nspYI7GWGlM5W6WqWxNzx95jmHnhWgN7acWUlM/wKUWX01k9z3A/ylK:ptGWyM5W/5X6HRN712R9zUoK
                                                                                                                                                                                                                                MD5:E6CEF184273D2FE35362FF4E5D866FF7
                                                                                                                                                                                                                                SHA1:F6A57545875E5B8E1C8C05C0040BE9EA78207E3E
                                                                                                                                                                                                                                SHA-256:3D08EB5338C0C588C1ABD53FE726BAE0607E0B50312F0079B678E3759FA1ABBF
                                                                                                                                                                                                                                SHA-512:83D7671DC0B7E99068C8F322B1A81B090B54379EBEE2F9D6FED4104A138BDA4202EB92394B003134B73B9A2317A6592AD304C1435C7EBE5DA1953B1761130477
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):90376
                                                                                                                                                                                                                                Entropy (8bit):6.018416436217948
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:lgSTcNhffVHJWYMqX/SNdLWPFk+Z/7cGGFvTbUzw0N0DVikEp4zK:lgSUH22mai+Z/7cGoAw0N4VzXm
                                                                                                                                                                                                                                MD5:B79DA936AFFCE1000CB850BF8D06CD81
                                                                                                                                                                                                                                SHA1:89DB491EBB936406A9DAEC3D0E239B05A577A9BA
                                                                                                                                                                                                                                SHA-256:E238F591524D5410A6EA11020DAE4D8944509C8702DB8D2AB74DFBB3D1CEA140
                                                                                                                                                                                                                                SHA-512:767A6957C1F4061D14E82A9CD55E545777917A69976D49B3F1D044D0850D2555E534ABC78CCF4C624C7AE43AA4D8796DDC7587927A5466C474BA4486F12C0686
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16168
                                                                                                                                                                                                                                Entropy (8bit):6.754179132368782
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:9NNuGxAo1BpWnielpFWYilpWjA6Kr4PFHnhWgN7aIWjvkYHnsTX01k9z3A1WdS:NHHpWnielpFWpYA6VFHRN7BYMTR9zUS
                                                                                                                                                                                                                                MD5:E5C676801CA76BCBF074E99710503F02
                                                                                                                                                                                                                                SHA1:63C05E75C9862CFEE2B26FCA0BE3F1FB4C37E175
                                                                                                                                                                                                                                SHA-256:634A5D94940A58BC90AFC5DFC90839359B0A9B2F7E0D7F12CDDA3281DF96418F
                                                                                                                                                                                                                                SHA-512:4CFB1A78F5698345174BBA119D51E48BC85A8381D8174231A7A2DD65C0281E726E34260B5EA5D1AD71DF5580070D4B4017CA4D3D9CF0592CA25600EE58FFD328
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):862512
                                                                                                                                                                                                                                Entropy (8bit):7.457167201577773
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:12288:pf7xn7kZQ6kliVreJIHHr0tRYbKr2KtG9VKABC6rPSYBKgTWeybo:pD9km6k/IwRYbiBeKGCBYTyhs
                                                                                                                                                                                                                                MD5:ECB1B379B3BCB01ACB12FAEEDFC5D01E
                                                                                                                                                                                                                                SHA1:69BBEA3B222FF7566FA746572022F77F81122AF7
                                                                                                                                                                                                                                SHA-256:85F3296C927E27E28461F6325A05504C0AEA8B93CA79691542E2A9E9AF92D3C9
                                                                                                                                                                                                                                SHA-512:CC3E2AF695AF5AF4CCFDD981B15175A2525EAEBEB9BCB87C094E23FB156C7A50651B6600961741A0CCB1F7ACF2D38394F5395A846736371CAA6A1FD21FB1643F
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16160
                                                                                                                                                                                                                                Entropy (8bit):6.7352349940283025
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:h7mXhp/SxgZW6sJWDWWxNzx95jmHnhWgN7agWP3zzccADB6ZX01k9z3AqRrimR:h6xiUW6sJWDdX6HRN7azzccTR9zlRrT
                                                                                                                                                                                                                                MD5:7B3BDED48604BACF38173A19CB38F269
                                                                                                                                                                                                                                SHA1:9D15D2AD99F7437C9AE1775898C739712F8E5F93
                                                                                                                                                                                                                                SHA-256:A875D0785CAE18EE30DB531303C166BA1A1D30C0CA4AB8EDD38FE04056F91EAA
                                                                                                                                                                                                                                SHA-512:A34CAD7DC195B6C5B8A5C89E3A93083B1D401B5F772807524CEDE69210B04BF8FE746D9925C2FDB18B8D0F7636CFDFE48CF26FB0095500739CDC48E141BF344A
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16152
                                                                                                                                                                                                                                Entropy (8bit):6.725439980411438
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:vzLJxAKpjWfgNWeWQWxNzx95jmHnhWgN7acWGPh3PMx6RMySX01k9z3AcyxaNIP:jJWfgNWzPX6HRN7PP9LMR9zPyyw
                                                                                                                                                                                                                                MD5:A16009A8EEBE01B264F1BD291D51DAFA
                                                                                                                                                                                                                                SHA1:7B4646DF65B243BBF2134594B08082F7CFE8F4A1
                                                                                                                                                                                                                                SHA-256:5F1FAA88187672DC240B18D4199BB8040BBE8F3F7EEC939DEC5ABB1407137D22
                                                                                                                                                                                                                                SHA-512:8EE0BDDA4F5BCDEB139C0D225E10385DA131808E7279EBBF2ED81CED81797A4E9118FCBCBAE46C07545D0B9D5C0527B81FE63E8543FDDC55125560518E676B9F
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):133416
                                                                                                                                                                                                                                Entropy (8bit):6.122557067980221
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:2bTDQlE37ykm3E5T+zpq5D3lhjdPTp8K76+d05HzdyRNX3Mpm4+SqUTiSc9zt:2bTDQlZx3E16qvZ5N77uLINnMkSqUT4R
                                                                                                                                                                                                                                MD5:3AD11258AF678B2C75F0010EF78BC7EF
                                                                                                                                                                                                                                SHA1:68B5984401243F1071D73EB0E3F021E043A17EB1
                                                                                                                                                                                                                                SHA-256:CF456FA426BEF36E8ED5D71A3FAE3EFAD06F5425A53BDEEF427124DA42409D09
                                                                                                                                                                                                                                SHA-512:A2D904B99F4935648C7471569DD4FF81BD89A9AC1BB7931390BD3872E691B3B58BCEDB48961E2AAA3AA8C04227887D2A1CBAD6B41C416AFDDFD002044C3104C6
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):1501464
                                                                                                                                                                                                                                Entropy (8bit):6.712609643579495
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:24576:8tH4NwClgTsJL6Tb/DrtY5uR5K91CSVcgtl3yM8cVUgHTHLP4:OHlTs4rDrtj5o1N8ca
                                                                                                                                                                                                                                MD5:07C161588790210444DC12F77D7CE1A9
                                                                                                                                                                                                                                SHA1:0F2E4407C0A4F25759A94488646B626DEA7D8785
                                                                                                                                                                                                                                SHA-256:93B1E1E677045AF7AAF17A9BFA9EA81D944E0918A94EB3492B78B22948550D47
                                                                                                                                                                                                                                SHA-512:7AF614FEC989F5AF4C5A8B6787109CEBB98DB23783C4CBBCA22847DB8A84C515FDD87978CE96DD42D2D1B48E2F27BFAEEC8456C422923C6DDF35FDA3F4C574C4
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):1022264
                                                                                                                                                                                                                                Entropy (8bit):6.8216381706865095
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:24576:zx/dsuQ+B/b44HO2inDiv67tAEehjqnQf8:dQEb44HKivIehjyn
                                                                                                                                                                                                                                MD5:D02946E47FC19B1C831A811808342B75
                                                                                                                                                                                                                                SHA1:55739760E02BAFDA656149D052EEF444E68FDD90
                                                                                                                                                                                                                                SHA-256:0FECFAC9BDD40C258F720FAC301E3722EA9FC245119E43DD30D181A9B1072DBF
                                                                                                                                                                                                                                SHA-512:74FBB915D948C26F91D6295539A119C9E2B5B0C9877CAAECD0AD02F06EEA26B85AA2BF05CFF12A00098508859CC039A21D3D8AD10E04E1A969D280CCE2323290
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):133408
                                                                                                                                                                                                                                Entropy (8bit):6.278452778470254
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:1T3t+/kXS+F3g2vlsEjd+fzs6Fls5JQzWoioIR3cBPdzyWBTzAp:1T3tYkCQQQmEjd+ZFl26zri9r2TUp
                                                                                                                                                                                                                                MD5:03A17E0F4DA9EB9C6EBB6E10CA241757
                                                                                                                                                                                                                                SHA1:612D03F4162282670D7276836B319F201DFACBD3
                                                                                                                                                                                                                                SHA-256:985DF4C7AC42C3447490BEC7653F111E137A88AC633BDAB6D0FDFAD23CB22095
                                                                                                                                                                                                                                SHA-512:39C1E597B35524E881902DC6F8946466EBAEFF404433A813DF7221DB316D3E1886A274065CF127740B31AD370F76D7C66B1FE7B965AD50482A0D624365922912
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16144
                                                                                                                                                                                                                                Entropy (8bit):6.739782129844139
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:ZHYCHLcH4H8HUWcuHWIYA6VFHRN7G/7R9zj2IUH+:LWTFClGF9z6S
                                                                                                                                                                                                                                MD5:B27644E15572E13CAB812C2031D76610
                                                                                                                                                                                                                                SHA1:CD2D27ECBB2E4D703CF2C253C6575CE1B53F3F24
                                                                                                                                                                                                                                SHA-256:00EE20495CD0531670CC761FF6B29A0230CF7C8FE607FCAD79567C5D1D01FF57
                                                                                                                                                                                                                                SHA-512:EFE0493109B04FAF580A745EC7FB120F0688C2E374F9447D06BFA742F2257E69E0E1544C3393AAE4EDB13B986396F20E90C2B32F480A75753FB8BC8E8500C8BD
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):489736
                                                                                                                                                                                                                                Entropy (8bit):6.715658217779917
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:12288:x//X6hS+34BkQb8tA7nPgNKMpFI6bB5v30xhZWX9gL+i:xr+I0urMvR5vExhoX9gL+i
                                                                                                                                                                                                                                MD5:3356784EF4FE8C2678C85D417848A48E
                                                                                                                                                                                                                                SHA1:89E60DFB18514CA65A9606B93B7D2BA7B4BCA5FF
                                                                                                                                                                                                                                SHA-256:FB97F3ACD266AE1F0D25BD4CB77818AE1D154FEA3B46F2C1A3ED1EDB842F46C9
                                                                                                                                                                                                                                SHA-512:1C3AD7582BD3F5B77019D931EFEBBB3E79960AEF51D9624E00E183783E6F55CA2CA5BD09CF49B924C1970E10A92261230A14420D85694E04EC46F9A7DFE2107F
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16168
                                                                                                                                                                                                                                Entropy (8bit):6.769727575357376
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:SCVm05B091ncmJQ8fxGWSOXW5YA6VFHRN7l9WoJR9zgy:1VpM6urmFCl/R9zH
                                                                                                                                                                                                                                MD5:740A782D6B359CF77C9E7A1ADAB24F77
                                                                                                                                                                                                                                SHA1:8695E898EDFF87BA40B0D9A9C8CDB901A0C3C195
                                                                                                                                                                                                                                SHA-256:B1DC1408C74380CB9F02D9B9BB3B550770B98E27D377E60F216C4B14D602356A
                                                                                                                                                                                                                                SHA-512:31759B0AFE7EE71BE2DBC56C7273B9B125B9AC298B644ECCC60AAC7BFA1436BC72508C65D95353DCF944A49434BCE02C88D43B2A1E4253666C7F80FE741689EB
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):133424
                                                                                                                                                                                                                                Entropy (8bit):6.345631677255552
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:hgookDn4z7gSCyhdrhYnS+5atmkg9nE3rVo9kQXL:xTEw3yhVh/h3rVoOQb
                                                                                                                                                                                                                                MD5:E4248B0D435DD54DE832467B13489FAB
                                                                                                                                                                                                                                SHA1:32F6B603442302F627BC5DABFCDB5AAAAD44281F
                                                                                                                                                                                                                                SHA-256:43D450BB7B0D440ED0D7F9A933E68E69CC0E2591B5B4D6B81C682EB7DCE85548
                                                                                                                                                                                                                                SHA-512:27A095A634F88193DA5B3507363B753B1008674789EA50C66E582CED633D48D6EC1042FE7BECDF65085E29F5BE979E9EF5BB7AA930E14DB21BD4C903AA94C575
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):17176
                                                                                                                                                                                                                                Entropy (8bit):6.623536186140361
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:laf4fk3CBFoq19k9WHazWbIX6HRN7NejA2IR9zJNml:laf4BLonjWNgU9z76
                                                                                                                                                                                                                                MD5:4B0EBBC7AB26C4FA2712DC1D7A9A430E
                                                                                                                                                                                                                                SHA1:7E4872B4C2DA8CD8C39421EECCFEDB644F7F5882
                                                                                                                                                                                                                                SHA-256:71F1B7847ED8C9DF6DB99ED7B756E4B846FEC646D8A8033C16A3945378AFC964
                                                                                                                                                                                                                                SHA-512:339EEC43B703566A3094718FF28066E2A6011C3DCBAABCB3C7079CBF466D88F91702FB6BD8342DF08046854B6AC0B37A756A4AE7AEF20FD9A2C5D63477B73674
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16184
                                                                                                                                                                                                                                Entropy (8bit):6.77418439872863
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:u4z2EI0W8tWcC7WGkX6HRN7cN8KER9zlZ:uOQvEWcN8R9zf
                                                                                                                                                                                                                                MD5:00FE534A33B1F18DD900DF89E17F73DE
                                                                                                                                                                                                                                SHA1:0792678A143E8ABDD57837D4B67D187B74570835
                                                                                                                                                                                                                                SHA-256:ECBE1CDE0DE93B08489005DE9B2BA627725DC55646735DCF0F027E0E1FCE6F6C
                                                                                                                                                                                                                                SHA-512:5AD071C4574453FE242344696DB8D132386CB05398C241F003C5643CC843C354288BB2C9A91BB6E0B8DB3E126B747C34BFBD01B51255C82DC6C237B86686E73A
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16152
                                                                                                                                                                                                                                Entropy (8bit):6.729725204835813
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:12ctmTqd92QxcNauUWEmvWGWYWxNzx95jmHnhWgN7acW9vVKDUX01k9z3AyCW6Ey:RtX92OcYuUWEmvW73X6HRN7g9pR9zldK
                                                                                                                                                                                                                                MD5:C5F1D1ECF20663D3C1BC58887FB02131
                                                                                                                                                                                                                                SHA1:FF1860873F1CC59E9EE1E95992CDF6BA3B8E30DB
                                                                                                                                                                                                                                SHA-256:5913E28B4B0E1D9A722C378557FE4AF7DB39E8A5E916ACEF6EAEC9A78F5B4A35
                                                                                                                                                                                                                                SHA-512:0B000EFC667A85D36793D01456886BEB56BB96D8AE89DE84E5D49B488092AFA272578733DAC2CB147F87E94A60F17DB8E0FD2EA72E868F331A9F07CEB44A85E2
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15672
                                                                                                                                                                                                                                Entropy (8bit):6.780056232573692
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:aeF6QoqNSEMWs1CWEX6HRN7vuc9WR9zBBGj:aUov4WvA9zbK
                                                                                                                                                                                                                                MD5:0A7251814B8BED94B4446C313D1BD7DD
                                                                                                                                                                                                                                SHA1:4BFE5154B22D587A69B1F8BB02A745A7CC0F6AFA
                                                                                                                                                                                                                                SHA-256:4A3352E5C4886501A6953E4C6448E389EA21C098A21638ED188A55C5A0C0E987
                                                                                                                                                                                                                                SHA-512:22E06FAB674F06A141C1631C483B885EBB8EC48A96C164ED69985E675CC3FEFD71E5BAAC6D29008379CD0B1C6D16928917C2BB1D58A016294C6580DBF93415A9
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):84280
                                                                                                                                                                                                                                Entropy (8bit):5.968460814469461
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:AWgoICPLdImrmODZcUBeZ8j0GEH9wd633GRm3LGgLWz9zu:AWgo9PL6FtZ8j0GEH9wd6GR4GgLaS
                                                                                                                                                                                                                                MD5:932A0C2978B649703C40B260B1955D26
                                                                                                                                                                                                                                SHA1:E9A4C055BC14B3A2DB5BC5D0CF838E79838CE8E0
                                                                                                                                                                                                                                SHA-256:15CC9DB291B87042F1AB4319F8D04F4CD226F15BF88BF0810B31DCD50FB0BB7E
                                                                                                                                                                                                                                SHA-512:51D6D767425FA1AFA0ACD5A149B99D4C62BAB174ECD7485211E9B9635EB876319E8AD2A96D9A7CEF26BEB855DA3661B26912F05014F6DC22CFFE33306D9988E4
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):661792
                                                                                                                                                                                                                                Entropy (8bit):6.67434786359905
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:12288:W/JxQHxtiM28JQUegnzVx3C9jB25sx91G0:W/r7wrzqg5L0
                                                                                                                                                                                                                                MD5:1944601E5186DB41729C8096C8A08BF6
                                                                                                                                                                                                                                SHA1:DD637874B36356698C54DB5DB565580C2183627E
                                                                                                                                                                                                                                SHA-256:981215F0EE08D156867FAAFAA17F9D97D409BE691BAB0BD330D5BAB864FA04F3
                                                                                                                                                                                                                                SHA-512:185C2B7994AD40F31FEFA4DAB46167477D0371850D2B7C62D87DEE8C4F746AC6C6D55CC6BFD85A1294BEC0273E88233D94A9096DDFD791C0A9FA45B938A6D610
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16656
                                                                                                                                                                                                                                Entropy (8bit):6.711937162453506
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:rw3RC0uWzliWkYA6VFHRN7P4EpcR9z0BHky+:03RC0xoFClP4Epw9zaHkb
                                                                                                                                                                                                                                MD5:18BA1339DDC5D2FA9B78F7AC1C18624E
                                                                                                                                                                                                                                SHA1:FEA42F32DF780D9E9B180B149BC051DCC4C2CECA
                                                                                                                                                                                                                                SHA-256:033AD774B53A4CFF5AE9AD00AD51FB44FB7E34CCE86BB88E077046BBDE82094E
                                                                                                                                                                                                                                SHA-512:692E2FB1E69480A1D3264ED6666A2F0CAB1E05CDD6EE85DAFD58BF495443094DCC5D94864A2ACA6E7525129DB4F1442C3B80B52FF2C129E06C86DE6330A10605
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15648
                                                                                                                                                                                                                                Entropy (8bit):6.81235116499574
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:56yhm7Qv3Wt7VWhWqcWxNzx95jmHnhWgN7agWaNVAv+cQ0GX01k9z3Aspnkf5l:8yh93WtpGWqjX6HRN7PNbZR9zBdkfP
                                                                                                                                                                                                                                MD5:FA3ADB76CA6EB3A67A5E4B6B24338726
                                                                                                                                                                                                                                SHA1:57EA6862DB7DE23B47C34A804C0F1C10E3BC19A2
                                                                                                                                                                                                                                SHA-256:4B3C5F41F52F16E2F4EC27BE12610A8437DE61F2B4CE53E383521A74D7937F44
                                                                                                                                                                                                                                SHA-512:906624CE50242A01B84603D8100AC37C73B55821D111EB56186EB2CB41BC27945FD69DCD140DEC88FAD42C5A62E5504F72E78B0C21BFC7DF39CD3C7290D84E6A
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):59704
                                                                                                                                                                                                                                Entropy (8bit):5.885165737065941
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:FERA91+CQcmHLnDWrdg7JvYJ2QWMVkDOBM7dWs3zXfXSXE2/2dAWCio9zL6:FSA/ScknDa2tYmwkDmmwWzvC32yWrgze
                                                                                                                                                                                                                                MD5:CFE673CE2D26EEF64ABEB7B7696177FF
                                                                                                                                                                                                                                SHA1:96321BE02E912B7813C8A3743CC15528A0DE0BA6
                                                                                                                                                                                                                                SHA-256:F1A590E321D86848C924055DAADAD7E4B086F199034F133DCE1B034E5AD53131
                                                                                                                                                                                                                                SHA-512:D70A9D8FAD2AD71774E2CA82D311E71A9B80BE9F1907E38A79529B142FE462BE393E1F39C7114FE674CD703C57001F4B42A27445C8ACA047074DA15A85E34F96
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15624
                                                                                                                                                                                                                                Entropy (8bit):6.7523247989432935
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:iZL6h2FWVvo9W8YA6VFHRN752Y2MR9zPy0:iZWhAdFCl52Q9zK0
                                                                                                                                                                                                                                MD5:0031FC0CF7730A0D2A235083C7BE48D4
                                                                                                                                                                                                                                SHA1:FC6B6BD1AE65FEF8DCAFE4FEF263F36270ADED3B
                                                                                                                                                                                                                                SHA-256:9351D54C7407694F2ABB14DE7770A85CDE97AB0E603B9B54800DD78D4D10E59A
                                                                                                                                                                                                                                SHA-512:C25AAC8EE4FC10A8E53772C5FE9804C63E116EF4A2129EDFCC0D798417F96118FC7ED510656C6507132CBE9500676EC05D0A5F6A77B76CCE068BEC7087344FA7
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):56184
                                                                                                                                                                                                                                Entropy (8bit):6.176478053101136
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:H/+4IBAKUcb+KRcuVLJq9rweB2mnzkVJorcwwMevekaHhXn80GT0g8T:m7ouR80eELVCwxmkaBXhGYxT
                                                                                                                                                                                                                                MD5:F672A537A363A4EEA79A48CF34FA5808
                                                                                                                                                                                                                                SHA1:B9101BA7E62B0116AC5A7D4064D91F684E25F233
                                                                                                                                                                                                                                SHA-256:B0B15EE123D24A220DC3446C96A6273E2FDADE71D1F352BF06217BDE57778B24
                                                                                                                                                                                                                                SHA-512:4ED8FB355723824C6E608B38D397C215142D508C80E5000DF854200DE8F89B44EB4AFE5829EA40F7706A6149527DBD8C748FF3AF9172D9A20B24958DD94E6484
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16136
                                                                                                                                                                                                                                Entropy (8bit):6.713032229773769
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:oaHtXz5UAWElSWNYA6VFHRN75FwB2IR9zJZpA7:7xNUo5FCl3wwU9zW7
                                                                                                                                                                                                                                MD5:CF29C8C0F79AB74BB29D01A8CD114146
                                                                                                                                                                                                                                SHA1:DFFFCA8A3FB3CA3DEFD6F74DEE30D0A2C3824A70
                                                                                                                                                                                                                                SHA-256:60E61212B4413692C26885707CF656A94D9676FF416C009FECA45C13B45271AE
                                                                                                                                                                                                                                SHA-512:FE22D7A38752FF490568F9041C8FC063EAF2828B9D136446BA2F183B6433CCD1D184A4B1355B13ABF2CDE428025EE0C36D42ACBB2006539A9EFF31A166432DB7
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16152
                                                                                                                                                                                                                                Entropy (8bit):6.701189252773519
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:vc17FduW1H4W1W2yWxNzx95jmHnhWgN7acWPwy8RwX01k9z3AzBhxH9cHYNm:uWW1H4WUmX6HRN7YV9R9z6Hxu4Y
                                                                                                                                                                                                                                MD5:30E9D9AC1BBC20DF3488FA252015553E
                                                                                                                                                                                                                                SHA1:FB9419C4C85DBD5A3E2A9419AD34B4635C6CB544
                                                                                                                                                                                                                                SHA-256:79D0149A24692E7C6B2EEB854CFBF3400702ED3D6640AA471ECE856B59E269E8
                                                                                                                                                                                                                                SHA-512:22BAE9984027A91DD7AAA53E05B387C20315153C30954E6770538D85C0990C2622BD16E42CF7C70DD88BC01975A886B99D8AFFBF859C2C339ED3A18D6BCDE5EA
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):22328
                                                                                                                                                                                                                                Entropy (8bit):6.376492073803144
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:Z1G5qkxK67ex4FC1sW1/AWZjX6HRN7Nx9WR9zBwrw:v6LWnrWw9zT
                                                                                                                                                                                                                                MD5:21D8FDE33639C09BE8AD7EA2CE430C39
                                                                                                                                                                                                                                SHA1:EB5DFA19839787F0CD7C0F8008AAFDAD62E33182
                                                                                                                                                                                                                                SHA-256:0EBF6E07AC4C055F6EAC71D86CB01C43FA3DF6954828FAEC2E9A491D28305CB1
                                                                                                                                                                                                                                SHA-512:28545864610BD19F44A5D06671453CAB62A33BA92E786C5B2A2F089ADA33FE6E947F6D6223195AFA5016F7A5EC506B33A84CC3EBCE4421CA8240C459AA03CAE7
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16680
                                                                                                                                                                                                                                Entropy (8bit):6.632838369230027
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:ZIhLW7MIEqHWJYA6VFHRN7cNviCksR9zcm:ZIhkbEqSFClWio9z3
                                                                                                                                                                                                                                MD5:14A3984EA8B856B26EF616F614D5350C
                                                                                                                                                                                                                                SHA1:CDD8701E19708B6916F3336BCA9B5D60777EB41D
                                                                                                                                                                                                                                SHA-256:C9C61183DF3FB4E23A0D98D3A1464352D84BBF80DBF05B5F2DFD5FB8186CA4E1
                                                                                                                                                                                                                                SHA-512:B99B727D1D0FCF453F6F1631C46D817A828B02A8E3D231A772E18433BA0133D0EED747C5E6563A9FC7CDBB75183C986F10DAA639AC8DF230DAE68AEA1A09A214
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16136
                                                                                                                                                                                                                                Entropy (8bit):6.774367058875485
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:kZKFW/QdWHYA6VFHRN7Z9ZL2IR9zJHJUO:XB6FClZ9ZaU9zbB
                                                                                                                                                                                                                                MD5:BE12DF6ED82876BE80A492350334C32D
                                                                                                                                                                                                                                SHA1:929B139819B4AA89B251B0F7C79C84BB27255180
                                                                                                                                                                                                                                SHA-256:5BF16937086393770381C25842CB35011942F78D0C9EA7DCDAF0161429288B8A
                                                                                                                                                                                                                                SHA-512:CB4D30DD1EC8A1A5549BF06120C36275050714D4AC1049838A450D5345491E96C17EB18FD351280BA3808CED1D51C7F89EA7653091490C06AE98B7313CCC9C9F
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):30984
                                                                                                                                                                                                                                Entropy (8bit):4.288581469269511
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:SW0heWs6bkmv7dYA6VFHRN7bUD2IR9zJO2:Ss6gmZFClbDU9zp
                                                                                                                                                                                                                                MD5:63AF3D0B5B3681BA5BB2586E41014548
                                                                                                                                                                                                                                SHA1:0E7A369FD101B66A96577FFB16FB188BDE100496
                                                                                                                                                                                                                                SHA-256:865C8934588F79ACB1BF69D0D406198ECCAC4751BFABCC0F6BB4E6712459090E
                                                                                                                                                                                                                                SHA-512:F82C6C4011F8B8C51AD506C22E5D4B1FCD4A3AFD10B9D0924CEFA54A5DD61E0DBFE972644ADB603AC0E75AE00DDD553D718E9BCB18F4CB95C25A3DEA9B323CC3
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16184
                                                                                                                                                                                                                                Entropy (8bit):6.732697208000902
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:hxLiAH6DWB2vWmBX6HRN7GNviCksR9zcrIs:7dHitWIio9zgIs
                                                                                                                                                                                                                                MD5:5A38DE4B1F1CEE04CE6CF96E1E07BA8B
                                                                                                                                                                                                                                SHA1:D66CCD2E1589D58E3621BCF2E63CCAE509171519
                                                                                                                                                                                                                                SHA-256:6AF1A8C435EF7BB1972E0509BBDD9A32B665949C248B6FD777833ABC527F290C
                                                                                                                                                                                                                                SHA-512:3069EDB787B0BDB46E023AB71E34B817CE4E00EE9AE69F7D75DA4D3477824761D38B30690F012EA3B1F54D3A25EDCFE292C1AC615FF4F2C4E82127D448CA98DB
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16152
                                                                                                                                                                                                                                Entropy (8bit):6.767329523656509
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:DTdo1x3iWe7sWo6X6HRN7lVXC4deR9zVj7uS:Xdo1sBWlVXC4dC9zVjr
                                                                                                                                                                                                                                MD5:123A240246001C458E14CA32D40D56EC
                                                                                                                                                                                                                                SHA1:473A3DF6DF0269BC824B6B90217CFA2141AF59C1
                                                                                                                                                                                                                                SHA-256:BAE0097F29C72DC7095DB06156D11BE9949C28CD8FFE5605851FFA8308B443BA
                                                                                                                                                                                                                                SHA-512:58AB7B7F06BC0A418B77DCBE8ABDC66850791B3D0AC4EB3819EA717B5B151B167B7CEE7ECDBDB86E66A1EF073B7E877ADB0C70F3B973E712DCB637BC504D0916
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):18216
                                                                                                                                                                                                                                Entropy (8bit):6.626651656502574
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:g3ohYBNTtxaxzWp2vWEpWjA6Kr4PFHnhWgN7a0Wb3pWXYz1X01k9z3A/u84ts:g3oSX2zWp2vWEYA6VFHRN7SsoJR9zgu6
                                                                                                                                                                                                                                MD5:59C396A982C075DEC28848C21B9B3287
                                                                                                                                                                                                                                SHA1:49889A00099595C550AC919E381E030C11D84322
                                                                                                                                                                                                                                SHA-256:9399F32559DCF33BE15D7F7C67BA6139602439BA848128715D3919084EFF0C8A
                                                                                                                                                                                                                                SHA-512:1492AC135547ABA77EFFE2C1C8DA278CA04CF5C8836CE175682B163BA7BD392C10A2718A9667A1EA2F6DB4A7984550C5C511796183A29B5D7902D2C0A2F3E300
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):23848
                                                                                                                                                                                                                                Entropy (8bit):6.279851716286934
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:x5FIeq5ufyw8bcB8yGOk2Y0WKvjsWLYA6VFHRN7RQXu0R9zI+SI:x5FIeWv2dNFClRGu49zp
                                                                                                                                                                                                                                MD5:70B07221E2FF122EDC83D1CE7878F071
                                                                                                                                                                                                                                SHA1:10DC2947E778C5D3279251214FFC4D6F537AAFBA
                                                                                                                                                                                                                                SHA-256:C55AFCA244EA174CD7D26B81342B831D61D15F3D80EEE9406168F136CBCDD5B6
                                                                                                                                                                                                                                SHA-512:DB0114AEA937A0443595C1CCF577D540FAEDCB632C0475B1C3CA26A5076CEFADF916196DE0CCB924A657428E77FE892748AE22D495668445B4E113C98B89EA85
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):50440
                                                                                                                                                                                                                                Entropy (8bit):5.759917233301275
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:eOlKhT46UA2Zi5wRNH5JVb0U502zq1TntuqZbFClYV9z6C:tu6Zi5i5jzCkeZisz3
                                                                                                                                                                                                                                MD5:91D003E2BCC6C343D3C752C9745F807C
                                                                                                                                                                                                                                SHA1:A793B282D2125C2F9DD5FD0380DA475F92A804A7
                                                                                                                                                                                                                                SHA-256:DE72057E9A2E41290B8BB3B829B101F420477726E134069A2E0C33270DEF210F
                                                                                                                                                                                                                                SHA-512:7862E0B67DFA761F45078813AEDF06C3C1D06545FA1E5FAB72F64F1FC0B2153444789D9AB3F599521AF89B3702E20D3DEC0CDEA42EB0ECF649755B03A215E0AB
                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                Yara Hits:
                                                                                                                                                                                                                                • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\System.dll, Author: Joe Security
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16664
                                                                                                                                                                                                                                Entropy (8bit):6.726952486721783
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:6asFWQClWVrcW+ZX6HRN70oFr9R9z6HrUv:NCn8W0oFD9z6LUv
                                                                                                                                                                                                                                MD5:AF65B24620A1E57D5AF9C71EE3AD9587
                                                                                                                                                                                                                                SHA1:32E842B3D79AF9B8076F807481A8FE37E5537037
                                                                                                                                                                                                                                SHA-256:54123FC5B700ACA49B87F05A94C42D65F094EEB4EF450CD51FCEB73DB303FAB4
                                                                                                                                                                                                                                SHA-512:CEE9E50631869F2D0976217BAE8A3CE78DFF933EC62A4D2D148C72631EC37746160D64EAA959246A5E2A4FF9AFA0186171EDA5972D3AA3A732ACF1F1CCE00A13
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):59696
                                                                                                                                                                                                                                Entropy (8bit):5.652717651829639
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:kt51EDMpCUoqFY66Gw17oqZn/TEHmyrchswz6EEZcYf5o4ba2yGlG1QeY48lCiDV:ktFcC3ZcYf5o4bZyGc1A4cDXWQQzi3
                                                                                                                                                                                                                                MD5:52CFF557AED4CBD8D59B899A761B82BA
                                                                                                                                                                                                                                SHA1:E99FE78B96578A4A8036A07D431A3EB21FFA83C7
                                                                                                                                                                                                                                SHA-256:2F8E23C3566B02B2F9E0E1B86D6D81D3CE0DF06C5B9AEB68CEB66B6B152ED099
                                                                                                                                                                                                                                SHA-512:ED9B3A1BBA91FDEADCCFBDD63F10B72915EEFEA182564A62C163C34A865F00AFE81B72DC32FB55BA4D97803222ED934FB92861B6E16A9A58E785FCD2BDF8D1E9
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):101160
                                                                                                                                                                                                                                Entropy (8bit):5.502135579975956
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:bYsYXj0p2NYq5V4bgDHsPdIpuSE5L3Ukcz9wnXiKdkz:MMkYe4bgDUAxCnXI
                                                                                                                                                                                                                                MD5:937A6DCE409FE67D60722137A5E860EC
                                                                                                                                                                                                                                SHA1:9DC0849E2164D7B25F7F0F6DC3B9600EC431E914
                                                                                                                                                                                                                                SHA-256:F56C741CC18D17CB031A9CDEB3DE3C4662CF80CB65F434DCA5DF328AC682C5C1
                                                                                                                                                                                                                                SHA-512:B5379A528CDCB6F55A85002D89FCA19B2C2BC9461647E3B81791D63E8F2E0227B22427CB2A60393F3A6FC9B1E407E23E2B22AF93C378A16D83B232CA2DE74D79
                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                Yara Hits:
                                                                                                                                                                                                                                • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\.net\zbROZPjAQ7\1140\netstandard.dll, Author: Joe Security
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):68627
                                                                                                                                                                                                                                Entropy (8bit):4.918295586326581
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:Q/wXxa7ZcgnAe8mdWAAoHAfAedwAu1CrtOGS4vj0YBkHo7R/z3z15TX8CCCBMBkJ:QHMxSKDn18CCCm6G++CTD9X6gY/mrz
                                                                                                                                                                                                                                MD5:95FE0F86BC0BB87B934ED711D1D2EB8C
                                                                                                                                                                                                                                SHA1:9B30D70864079B635D959642BBA4E8A1FC04CDA4
                                                                                                                                                                                                                                SHA-256:39AFF2BBDB0A0AB3B4FD6A815AF0E44E0EB519B515F8ECE742A03447F52CC43C
                                                                                                                                                                                                                                SHA-512:DDC4EED453E2F1CF39F119A32DB6E4F1DC05DE79BDE93D58BF0B911E78911EBF592D3EA20A9BB08D79D7EA8B16C284C64465C5050E949539FE8D311A66FF7959
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:{.. "runtimeTarget": {.. "name": ".NETCoreApp,Version=v8.0/win-x64",.. "signature": "".. },.. "compilationOptions": {},.. "targets": {.. ".NETCoreApp,Version=v8.0": {},.. ".NETCoreApp,Version=v8.0/win-x64": {.. "oke/1.0.0": {.. "dependencies": {.. "Microsoft.NET.ILLink.Tasks": "8.0.11",.. "Newtonsoft.Json": "13.0.3",.. "System.Data.SQLite": "1.0.119",.. "System.Diagnostics.Process": "4.3.0",.. "System.Management": "9.0.0",.. "System.Security.Cryptography.ProtectedData": "9.0.0",.. "System.ServiceProcess.ServiceController": "9.0.0",.. "runtimepack.Microsoft.NETCore.App.Runtime.win-x64": "8.0.11".. },.. "runtime": {.. "oke.dll": {}.. }.. },.. "runtimepack.Microsoft.NETCore.App.Runtime.win-x64/8.0.11": {.. "runtime": {.. "Microsoft.CSharp.dll": {.. "assemblyVersion": "8.0.0.0",.. "fileVersion": "8.0.1124.51707"..
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):410720
                                                                                                                                                                                                                                Entropy (8bit):6.093848757894174
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:LAuqgjWmu6v/5GiFUuWQSu3ecleCxwlqkJY1R:EuqgPSuOuucUllNkR
                                                                                                                                                                                                                                MD5:5E9C50A7DE7F05B110972FD85E4FB388
                                                                                                                                                                                                                                SHA1:2486EC879763C3B8547EF805BF9208DDE3CA8181
                                                                                                                                                                                                                                SHA-256:2C498A006E504A538042D590C353D07CC81FD74BC044B1D68508927B4B7E8DCF
                                                                                                                                                                                                                                SHA-512:BC8F6913A34A3B6130A4C5024755F7B78E49051535842B32A1B8D17BF090119AF566B32FC6D621EB9C53A9397DFB6A2BEC7550AFAF8C0780E1A5D7958B6AE425
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):372
                                                                                                                                                                                                                                Entropy (8bit):4.676624916571053
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6:3Hp/hdNyhA0H0b2mwM5BXmJe5S1Me+AQ6NOCUo+K8E7/OyPfKmn5BNTy:dFG0b2voBEe01MeGex+K8E7nS2r2
                                                                                                                                                                                                                                MD5:59D61BDEBD920CB9E4D60307A2BC5C92
                                                                                                                                                                                                                                SHA1:5FF725D1F163C000B9626824DA74328B5967B4FB
                                                                                                                                                                                                                                SHA-256:81DACB192A7580652C042828A76633EDF434558CE0AA89DA26DC1CA070839852
                                                                                                                                                                                                                                SHA-512:B7D7F26365E9772F5E31F0F133E1F4FE7E9440589145D890F440E3A49377F7E9317D573677780209AA2A968D7FB7A3867A999357BB38BA18C88D4863147A5CBD
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:{.. "runtimeOptions": {.. "tfm": "net8.0",.. "includedFrameworks": [.. {.. "name": "Microsoft.NETCore.App",.. "version": "8.0.11".. }.. ],.. "configProperties": {.. "System.Reflection.Metadata.MetadataUpdater.IsSupported": false,.. "System.Runtime.Serialization.EnableUnsafeBinaryFormatterSerialization": false.. }.. }..}
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):160040
                                                                                                                                                                                                                                Entropy (8bit):6.333962640370861
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:zGaHqhU3X+sWqpyojzXVgO/U9SS2PCKPZteYlbLUrHeUJcJnWMROkIvNHc:znHSK+svytSS2PzbeYlbLk0n+Hc
                                                                                                                                                                                                                                MD5:7F1799B65B98450A19E4D049E9D3E70D
                                                                                                                                                                                                                                SHA1:EC80C5A33374423A9E986C383A36A97DA70A3584
                                                                                                                                                                                                                                SHA-256:68705C4EF9AB818F2956A78E05F3FEFCE501A1448793B073B46110BEB49B47D6
                                                                                                                                                                                                                                SHA-512:8D67297C5CDED487C88FCAAD5A36E80926DAD8F1863E38F397751056F51258AC7B5A9E5C09C01BBA7A224F38FB2EE719586FAF0BA81516E05A19649EB09E7B78
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):40960
                                                                                                                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                Category:dropped
Size (bytes): 32768
Entropy (8bit): 0.017262956703125623
Encrypted: false
SSDEEP: 3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5: B7C14EC6110FA820CA6B65F5AEC85911
SHA1: 608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256: FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512: D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious: false
File type: PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit): 7.840820005146172
TrID:
• Win64 Executable GUI (202006/5) 92.65%
• Win64 Executable (generic) (12005/4) 5.51%
• Generic Win/DOS Executable (2004/3) 0.92%
• DOS Executable Generic (2002/1) 0.92%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: zbROZPjAQ7.exe
File size: 39'885'660 bytes
MD5: 0af48295a8f30ce6929b60c0d57b267c
SHA1: 5c1e864dadbc0b435ed53fdb737b17b28b9f07ff
SHA256: c46e9c80b0394baf6ef362d3f3c4827c07836f509bffcc27862d7feff3962054
SHA512: 01c8013ab9651f88aace96901eeba16012313e5d1b2759974e760a1a6490fa4d1ff5cee87ffab9d032acc4fcba93d4710b1c5f773180d53e940f3bd0b09b8b5a
SSDEEP: 786432:Tbn8OE5aXm3VTHpQKIzApp5+Ln7+ZmfIlCxhIvXOVTI+:Tb8OE5aWdJJ6As7+ZQIlChI2VF
TLSH: D8971256E2FD00E8D5BAC0B8C6575527F7B23855133097EB62A48A692F37BE06E3D310
Icon Hash: 62c2ead4d4d28ad2
Entrypoint: 0x1405cfe90
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x140000000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp: 0x67115F21 [Thu Oct 17 19:01:53 2024 UTC]
TLS Callbacks: 0x405cf310, 0x1, 0x405cfad0, 0x1
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 4b1892ce4fbcfcf064c6f69d693fc6a5
Programming Language:
• [IMP] VS2008 SP1 build 30729
Name                                Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT        0x7966f0         0xc4          .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT        0x7967b4         0x168         .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE      0x807000         0x14b630      .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION     0x7ba000         0x360fc       .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY      0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC     0x953000         0x7e2c        .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG         0x70a6b0         0x54          .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT     0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR     0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS           0x70a880         0x28          .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG   0x624540         0x140         .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT  0x0              0x0
                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IAT0x61d0000xec8.rdata
                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x7964a40x60.rdata
                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x61a71c | 0x61a800 | 0b10188502e90294dafc4ec1ab7c7e1a | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .CLR_UEF | 0x61c000 | 0xdd | 0x200 | 3e60305f40e8c29615347b62e95ffa2c | False | 0.4140625 | zlib compressed data | 3.093020747643803 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x61d000 | 0x17c5e2 | 0x17c600 | ccea3fd4e581a51a1f647847625a49ad | False | 0.4178410234554716 | data | 5.662369206074474 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x79a000 | 0x1ffc4 | 0x9800 | e6b302020041a22887c4a26024f37b43 | False | 0.19775390625 | data | 3.333283085172606 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .pdata | 0x7ba000 | 0x360fc | 0x36200 | fd626080e4e3733af1f84cb0f28f455d | False | 0.5045602987875288 | data | 6.505480901328782 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .didat | 0x7f1000 | 0x38 | 0x200 | 910157a66b34b7706f92927705a37f5a | False | 0.064453125 | data | 0.42449845906755646 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| Section | 0x7f2000 | 0x8 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| _RDATA | 0x7f3000 | 0x13208 | 0x13400 | 617430a8cd708dda1865fee2910d8a1a | False | 0.18454494724025974 | data | 5.4827244286074395 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0x807000 | 0x14b630 | 0x14b800 | 5d66df158cb4953abf4848f86de24203 | False | 0.4287087280825792 | data | 6.344563817527719 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x953000 | 0x7e2c | 0x8000 | dca4e44fa2a43d7401fa4c38300ecb87 | False | 0.155853271484375 | data | 5.445611795477199 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x807200 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | | | 0.08974964572508266 |
| RT_RCDATA | 0x80b428 | 0x24 | data | | | 1.1666666666666667 |
| RT_RCDATA | 0x80b44c | 0x24 | data | | | 1.1666666666666667 |
| RT_RCDATA | 0x80b470 | 0x146c10 | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | | | 0.4392890930175781 |
| RT_GROUP_ICON | 0x952080 | 0x14 | data | | | 1.1 |
| RT_VERSION | 0x952094 | 0x340 | data | | | 0.42427884615384615 |
| RT_MANIFEST | 0x9523d4 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |

| DLL | Import |
|---|---|
| KERNEL32.dll | RaiseException, FreeLibrary, SetErrorMode, RaiseFailFastException, GetExitCodeProcess, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, AddVectoredExceptionHandler, MultiByteToWideChar, GetTickCount, FlushInstructionCache, QueryPerformanceFrequency, QueryPerformanceCounter, RtlLookupFunctionEntry, LocateXStateFeature, RtlDeleteFunctionTable, InterlockedPushEntrySList, InterlockedFlushSList, InitializeSListHead, GetTickCount64, DuplicateHandle, QueueUserAPC, WaitForSingleObjectEx, SetThreadPriority, GetThreadPriority, GetCurrentThreadId, TlsAlloc, GetCurrentThread, GetCurrentProcessId, CreateThread, GetModuleHandleW, WaitForMultipleObjectsEx, SignalObjectAndWait, RtlCaptureContext, SetThreadStackGuarantee, VirtualQuery, WriteFile, GetStdHandle, GetConsoleOutputCP, MapViewOfFileEx, UnmapViewOfFile, GetStringTypeExW, InterlockedPopEntrySList, ExitProcess, Sleep, CreateMemoryResourceNotification, VirtualAlloc, VirtualFree, VirtualProtect, SleepEx, SwitchToThread, SuspendThread, ResumeThread, InitializeContext, SetXStateFeaturesMask, RtlRestoreContext, CloseThreadpoolTimer, CreateThreadpoolTimer, SetThreadpoolTimer, ReadFile, GetFileSize, GetEnvironmentVariableW, SetEnvironmentVariableW, CreateEventW, SetEvent, ResetEvent, GetThreadContext, SetThreadContext, GetEnabledXStateFeatures, CopyContext, WerRegisterRuntimeExceptionModule, RtlInstallFunctionTableCallback, GetSystemDefaultLCID, GetUserDefaultLCID, RtlUnwind, HeapAlloc, HeapFree, GetProcessHeap, HeapCreate, HeapDestroy, GetEnvironmentStringsW, FreeEnvironmentStringsW, FormatMessageW, CreateSemaphoreExW, ReleaseSemaphore, GetACP, LCMapStringEx, LocalFree, VerSetConditionMask, VerifyVersionInfoW, QueryThreadCycleTime, GetLogicalProcessorInformationEx, SetThreadGroupAffinity, GetThreadGroupAffinity, GetProcessGroupAffinity, GetCurrentProcessorNumberEx, GetProcessAffinityMask, QueryInformationJobObject, CloseHandle, GetSystemTimeAsFileTime, GetModuleFileNameW, CreateProcessW, GetCPInfo, LoadLibraryExW, CreateFileW, GetFileAttributesExW, GetFullPathNameW, LoadLibraryExA, OutputDebugStringA, OpenEventW, ReleaseMutex, ExitThread, CreateMutexW, HeapReAlloc, CreateNamedPipeA, WaitForMultipleObjects, DisconnectNamedPipe, CreateFileA, CancelIoEx, GetOverlappedResult, ConnectNamedPipe, FlushFileBuffers, SetFilePointer, MapViewOfFile, GetActiveProcessorGroupCount, GetSystemTime, SetConsoleCtrlHandler, GetLocaleInfoEx, GetUserDefaultLocaleName, RtlAddFunctionTable, LoadLibraryW, CreateDirectoryW, RemoveDirectoryW, CreateActCtxW, ActivateActCtx, FindResourceW, GetWindowsDirectoryW, GetFileSizeEx, FindFirstFileExW, FindNextFileW, GetTempPathW, FindClose, LoadLibraryA, GetCurrentDirectoryW, IsWow64Process, EncodePointer, DecodePointer, CreateFileMappingA, TlsSetValue, TlsGetValue, GetSystemInfo, GetCurrentProcess, OutputDebugStringW, IsDebuggerPresent, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, WideCharToMultiByte, GetCommandLineW, GetProcAddress, GetModuleHandleExW, SetThreadErrorMode, FlushProcessWriteBuffers, SetLastError, DebugBreak, WaitForSingleObject, GetNumaHighestNodeNumber, SetThreadAffinityMask, SetThreadIdealProcessorEx, GetThreadIdealProcessorEx, VirtualAllocExNuma, GetNumaProcessorNodeEx, VirtualUnlock, GetLargePageMinimum, IsProcessInJob, K32GetProcessMemoryInfo, GetLogicalProcessorInformation, GlobalMemoryStatusEx, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, WakeAllConditionVariable, SleepConditionVariableSRW, RtlVirtualUnwind, IsProcessorFeaturePresent, RtlUnwindEx, InitializeCriticalSectionAndSpinCount, TlsFree, RtlPcToFileHeader, TryAcquireSRWLockExclusive, GetExitCodeThread, GetStringTypeW, InitializeCriticalSectionEx, GetLastError, CreateFileMappingW |
| ADVAPI32.dll | ReportEventW, AdjustTokenPrivileges, RegGetValueW, SetKernelObjectSecurity, GetSidSubAuthorityCount, GetSidSubAuthority, GetTokenInformation, OpenProcessToken, DeregisterEventSource, RegisterEventSourceW, RegQueryValueExW, RegOpenKeyExW, RegCloseKey, EventRegister, SetThreadToken, RevertToSelf, OpenThreadToken, EventWriteTransfer, EventWrite, LookupPrivilegeValueW |
| ole32.dll | CreateStreamOnHGlobal, CoRevokeInitializeSpy, CoGetClassObject, CoGetContextToken, CoGetObjectContext, CoUnmarshalInterface, CoMarshalInterface, CoGetMarshalSizeMax, CLSIDFromProgID, CoReleaseMarshalData, CoTaskMemFree, CoTaskMemAlloc, CoCreateGuid, CoInitializeEx, CoRegisterInitializeSpy, CoWaitForMultipleHandles, CoUninitialize, CoCreateFreeThreadedMarshaler |
| OLEAUT32.dll | CreateErrorInfo, SysFreeString, GetErrorInfo, SetErrorInfo, SysStringLen, SysAllocString, SysAllocStringLen, SafeArrayGetDim, SafeArrayGetLBound, SafeArrayDestroy, QueryPathOfRegTypeLib, LoadTypeLibEx, SafeArrayGetVartype, VariantChangeType, VariantChangeTypeEx, VariantClear, VariantInit, VarCyFromDec, SafeArrayAllocDescriptorEx, GetRecordInfoFromTypeInfo, SafeArraySetRecordInfo, SafeArrayAllocData, SafeArrayGetElemsize, SysStringByteLen, SysAllocStringByteLen, SafeArrayCreateVector, SafeArrayPutElement, LoadRegTypeLib |
| USER32.dll | LoadStringW, MessageBoxW |
| SHELL32.dll | ShellExecuteW |
| api-ms-win-crt-string-l1-1-0.dll | strncat_s, wcsncat_s, strcmp, wcsnlen, wcscat_s, towupper, iswascii, _strdup, strncpy, strnlen, wcstok_s, isdigit, isupper, isalpha, towlower, _wcsdup, iswspace, isspace, islower, strtok_s, _wcsnicmp, strcspn, __strncnt, strlen, wcscpy_s, toupper, wcsncpy_s, strcpy_s, strcat_s, strncpy_s, _strnicmp, tolower, wcsncmp, iswupper, strncmp, _stricmp, _wcsicmp |
| api-ms-win-crt-stdio-l1-1-0.dll | __stdio_common_vsscanf, fflush, __acrt_iob_func, __stdio_common_vfprintf, __stdio_common_vswprintf, __stdio_common_vfwprintf, fputws, fputwc, _get_stream_buffer_pointers, _fseeki64, fread, fsetpos, ungetc, fgetpos, fgets, fgetc, fputc, _wfsopen, _wfopen, __p__commode, _set_fmode, __stdio_common_vsnprintf_s, setvbuf, _setmode, _dup, _fileno, ftell, fseek, fputs, __stdio_common_vsnwprintf_s, __stdio_common_vsprintf_s, fwrite, _flushall, fopen, fclose |
| api-ms-win-crt-runtime-l1-1-0.dll | _crt_atexit, _cexit, _seh_filter_exe, _set_app_type, _register_onexit_function, _configure_wide_argv, _initialize_wide_environment, _get_initial_wide_environment, _initterm, _initterm_e, _exit, _invalid_parameter_noinfo_noreturn, __p___argc, __p___wargv, _c_exit, _register_thread_local_exe_atexit_callback, _initialize_onexit_table, _beginthreadex, terminate, _controlfp_s, _wcserror_s, _invalid_parameter_noinfo, _errno, exit, abort |
| api-ms-win-crt-convert-l1-1-0.dll | _atoi64, _ltow_s, _wtoi, strtoul, _wcstoui64, atol, _itow_s, strtoull, wcstoul |
| api-ms-win-crt-heap-l1-1-0.dll | free, _set_new_mode, calloc, malloc, realloc |
| api-ms-win-crt-utility-l1-1-0.dll | qsort |
| api-ms-win-crt-math-l1-1-0.dll | asinhf, atanhf, cbrtf, acoshf, cosh, cbrt, coshf, exp, expf, acosh, atanh, floor, floorf, fma, fmaf, cosf, _fdopen, cos, ceilf, _copysignf, _isnanf, trunc, truncf, ilogb, ilogbf, tanhf, ceil, fmod, fmodf, atanf, frexp, atan2f, atan2, log, log10, log10f, atan, asinf, log2, log2f, logf, pow, powf, sin, sinf, asin, sinh, sinhf, sqrt, sqrtf, tan, tanf, tanh, acosf, _copysign, asinh, _isnan, _finite, modf, modff, acos, __setusermatherr |
| api-ms-win-crt-time-l1-1-0.dll | _time64, _gmtime64_s, wcsftime |
| api-ms-win-crt-environment-l1-1-0.dll | getenv |
| api-ms-win-crt-locale-l1-1-0.dll | _unlock_locales, setlocale, __pctype_func, ___lc_locale_name_func, _lock_locales, ___lc_codepage_func, ___mb_cur_max_func, _configthreadlocale, localeconv |
| api-ms-win-crt-filesystem-l1-1-0.dll | _wrename, _unlock_file, _wremove, _lock_file |

| Name | Ordinal | Address |
|---|---|---|
| CLRJitAttachState | 3 | 0x1407af270 |
| DotNetRuntimeInfo | 4 | 0x14079c5d0 |
| MetaDataGetDispenser | 5 | 0x140571160 |
| g_CLREngineMetrics | 2 | 0x14079bdd8 |
| g_dacTable | 6 | 0x140644600 |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-14T12:48:02.949277+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49969 | 104.26.12.205 | 443 | TCP |
| 2025-01-14T12:48:03.779869+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49975 | 104.26.12.205 | 443 | TCP |
| 2025-01-14T12:48:04.313339+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49980 | 208.95.112.1 | 80 | TCP |
| 2025-01-14T12:48:04.911891+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49985 | 104.26.12.205 | 443 | TCP |
| 2025-01-14T12:48:05.503271+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49987 | 104.26.12.205 | 443 | TCP |
| 2025-01-14T12:48:05.656959+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49980 | 208.95.112.1 | 80 | TCP |

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
                                                                                                                                                                                                                                Jan 14, 2025 12:48:03.779993057 CET49975443192.168.2.5104.26.12.205
                                                                                                                                                                                                                                Jan 14, 2025 12:48:03.784478903 CET49975443192.168.2.5104.26.12.205
                                                                                                                                                                                                                                Jan 14, 2025 12:48:03.784501076 CET44349975104.26.12.205192.168.2.5
                                                                                                                                                                                                                                Jan 14, 2025 12:48:03.799710989 CET4998080192.168.2.5208.95.112.1
                                                                                                                                                                                                                                Jan 14, 2025 12:48:03.804599047 CET8049980208.95.112.1192.168.2.5
                                                                                                                                                                                                                                Jan 14, 2025 12:48:03.804910898 CET4998080192.168.2.5208.95.112.1
                                                                                                                                                                                                                                Jan 14, 2025 12:48:03.804910898 CET4998080192.168.2.5208.95.112.1
                                                                                                                                                                                                                                Jan 14, 2025 12:48:03.809712887 CET8049980208.95.112.1192.168.2.5
                                                                                                                                                                                                                                Jan 14, 2025 12:48:04.261262894 CET8049980208.95.112.1192.168.2.5
                                                                                                                                                                                                                                Jan 14, 2025 12:48:04.313338995 CET4998080192.168.2.5208.95.112.1
                                                                                                                                                                                                                                Jan 14, 2025 12:48:04.314508915 CET49985443192.168.2.5104.26.12.205
                                                                                                                                                                                                                                Jan 14, 2025 12:48:04.314528942 CET44349985104.26.12.205192.168.2.5
                                                                                                                                                                                                                                Jan 14, 2025 12:48:04.314580917 CET49985443192.168.2.5104.26.12.205
                                                                                                                                                                                                                                Jan 14, 2025 12:48:04.315020084 CET49985443192.168.2.5104.26.12.205
                                                                                                                                                                                                                                Jan 14, 2025 12:48:04.315031052 CET44349985104.26.12.205192.168.2.5
                                                                                                                                                                                                                                Jan 14, 2025 12:48:04.770396948 CET44349985104.26.12.205192.168.2.5
                                                                                                                                                                                                                                Jan 14, 2025 12:48:04.773956060 CET49985443192.168.2.5104.26.12.205
                                                                                                                                                                                                                                Jan 14, 2025 12:48:04.773982048 CET44349985104.26.12.205192.168.2.5
                                                                                                                                                                                                                                Jan 14, 2025 12:48:04.774632931 CET49985443192.168.2.5104.26.12.205
                                                                                                                                                                                                                                Jan 14, 2025 12:48:04.774636984 CET44349985104.26.12.205192.168.2.5
                                                                                                                                                                                                                                Jan 14, 2025 12:48:04.911892891 CET44349985104.26.12.205192.168.2.5
                                                                                                                                                                                                                                Jan 14, 2025 12:48:04.911948919 CET44349985104.26.12.205192.168.2.5
                                                                                                                                                                                                                                Jan 14, 2025 12:48:04.912026882 CET49985443192.168.2.5104.26.12.205
                                                                                                                                                                                                                                Jan 14, 2025 12:48:04.912430048 CET49985443192.168.2.5104.26.12.205
                                                                                                                                                                                                                                Jan 14, 2025 12:48:04.912444115 CET44349985104.26.12.205192.168.2.5
                                                                                                                                                                                                                                Jan 14, 2025 12:48:04.914320946 CET49987443192.168.2.5104.26.12.205
                                                                                                                                                                                                                                Jan 14, 2025 12:48:04.914343119 CET44349987104.26.12.205192.168.2.5
                                                                                                                                                                                                                                Jan 14, 2025 12:48:04.914405107 CET49987443192.168.2.5104.26.12.205
                                                                                                                                                                                                                                Jan 14, 2025 12:48:04.914663076 CET49987443192.168.2.5104.26.12.205
                                                                                                                                                                                                                                Jan 14, 2025 12:48:04.914675951 CET44349987104.26.12.205192.168.2.5
                                                                                                                                                                                                                                Jan 14, 2025 12:48:05.383415937 CET44349987104.26.12.205192.168.2.5
                                                                                                                                                                                                                                Jan 14, 2025 12:48:05.387747049 CET49987443192.168.2.5104.26.12.205
                                                                                                                                                                                                                                Jan 14, 2025 12:48:05.387773991 CET44349987104.26.12.205192.168.2.5
                                                                                                                                                                                                                                Jan 14, 2025 12:48:05.389214993 CET49987443192.168.2.5104.26.12.205
                                                                                                                                                                                                                                Jan 14, 2025 12:48:05.389219999 CET44349987104.26.12.205192.168.2.5
                                                                                                                                                                                                                                Jan 14, 2025 12:48:05.503093958 CET44349987104.26.12.205192.168.2.5
                                                                                                                                                                                                                                Jan 14, 2025 12:48:05.503151894 CET44349987104.26.12.205192.168.2.5
                                                                                                                                                                                                                                Jan 14, 2025 12:48:05.503237963 CET49987443192.168.2.5104.26.12.205
                                                                                                                                                                                                                                Jan 14, 2025 12:48:05.503607035 CET49987443192.168.2.5104.26.12.205
                                                                                                                                                                                                                                Jan 14, 2025 12:48:05.503623962 CET44349987104.26.12.205192.168.2.5
                                                                                                                                                                                                                                Jan 14, 2025 12:48:05.504117966 CET4998080192.168.2.5208.95.112.1
                                                                                                                                                                                                                                Jan 14, 2025 12:48:05.508907080 CET8049980208.95.112.1192.168.2.5
                                                                                                                                                                                                                                Jan 14, 2025 12:48:05.604510069 CET8049980208.95.112.1192.168.2.5
                                                                                                                                                                                                                                Jan 14, 2025 12:48:05.656959057 CET4998080192.168.2.5208.95.112.1
                                                                                                                                                                                                                                Jan 14, 2025 12:48:05.740264893 CET4998080192.168.2.5208.95.112.1
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 14, 2025 12:48:02.059869051 CET | 62480 | 53 | 192.168.2.5 | 1.1.1.1
Jan 14, 2025 12:48:02.066870928 CET | 53 | 62480 | 1.1.1.1 | 192.168.2.5
Jan 14, 2025 12:48:03.791691065 CET | 58051 | 53 | 192.168.2.5 | 1.1.1.1
Jan 14, 2025 12:48:03.798803091 CET | 53 | 58051 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 14, 2025 12:48:02.059869051 CET | 192.168.2.5 | 1.1.1.1 | 0x419b | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false
Jan 14, 2025 12:48:03.791691065 CET | 192.168.2.5 | 1.1.1.1 | 0xc98b | Standard query (0) | ip-api.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 14, 2025 12:48:02.066870928 CET | 1.1.1.1 | 192.168.2.5 | 0x419b | No error (0) | api.ipify.org | | 104.26.12.205 | A (IP address) | IN (0x0001) | false
Jan 14, 2025 12:48:02.066870928 CET | 1.1.1.1 | 192.168.2.5 | 0x419b | No error (0) | api.ipify.org | | 104.26.13.205 | A (IP address) | IN (0x0001) | false
Jan 14, 2025 12:48:02.066870928 CET | 1.1.1.1 | 192.168.2.5 | 0x419b | No error (0) | api.ipify.org | | 172.67.74.152 | A (IP address) | IN (0x0001) | false
Jan 14, 2025 12:48:03.798803091 CET | 1.1.1.1 | 192.168.2.5 | 0xc98b | No error (0) | ip-api.com | | 208.95.112.1 | A (IP address) | IN (0x0001) | false
• api.ipify.org
• ip-api.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49980 | 208.95.112.1 | 80 | 4416 | C:\Users\user\Desktop\zbROZPjAQ7.exe
Timestamp | Bytes transferred | Direction | Data
Jan 14, 2025 12:48:03.804910898 CET | 53 | OUT | GET /json/8.46.123.189 HTTP/1.1
Host: ip-api.com
Jan 14, 2025 12:48:04.261262894 CET | 483 | IN | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 11:48:03 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 306
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"NY","regionName":"New York","city":"New York","zip":"10123","lat":40.7128,"lon":-74.006,"timezone":"America/New_York","isp":"Level 3","org":"CenturyLink Communications, LLC","as":"AS3356 Level 3 Parent, LLC","query":"8.46.123.189"}
Jan 14, 2025 12:48:05.504117966 CET | 53 | OUT | GET /json/8.46.123.189 HTTP/1.1
Host: ip-api.com
Jan 14, 2025 12:48:05.604510069 CET | 483 | IN | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 11:48:04 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 306
Access-Control-Allow-Origin: *
X-Ttl: 58
X-Rl: 43
Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"NY","regionName":"New York","city":"New York","zip":"10123","lat":40.7128,"lon":-74.006,"timezone":"America/New_York","isp":"Level 3","org":"CenturyLink Communications, LLC","as":"AS3356 Level 3 Parent, LLC","query":"8.46.123.189"}


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                0192.168.2.549969104.26.12.2054434416C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                2025-01-14 11:48:02 UTC39OUTGET / HTTP/1.1
                                                                                                                                                                                                                                Host: api.ipify.org
                                                                                                                                                                                                                                2025-01-14 11:48:02 UTC424INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 11:48:02 GMT
                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                Content-Length: 12
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Vary: Origin
                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                CF-RAY: 901d650e0b5243d9-EWR
                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1539&min_rtt=1534&rtt_var=586&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2819&recv_bytes=677&delivery_rate=1850443&cwnd=227&unsent_bytes=0&cid=437a8ba2982b8f1a&ts=231&x=0"
2025-01-14 11:48:02 UTC    12    IN    Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                                                                                                                                                                                                                Data Ascii: 8.46.123.189


Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
1    192.168.2.5    49975    104.26.12.205    443    4416    C:\Users\user\Desktop\zbROZPjAQ7.exe
Timestamp    Bytes transferred    Direction    Data
2025-01-14 11:48:03 UTC    39    OUT    GET / HTTP/1.1
Host: api.ipify.org
2025-01-14 11:48:03 UTC    424    IN    HTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 11:48:03 GMT
                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                Content-Length: 12
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Vary: Origin
                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                CF-RAY: 901d65133bfc4291-EWR
                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1582&min_rtt=1576&rtt_var=603&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2818&recv_bytes=677&delivery_rate=1796923&cwnd=207&unsent_bytes=0&cid=300a9b5ec94a5163&ts=144&x=0"
2025-01-14 11:48:03 UTC    12    IN    Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                                                                                                                                                                                                                Data Ascii: 8.46.123.189


Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
2    192.168.2.5    49985    104.26.12.205    443    4416    C:\Users\user\Desktop\zbROZPjAQ7.exe
Timestamp    Bytes transferred    Direction    Data
2025-01-14 11:48:04 UTC    39    OUT    GET / HTTP/1.1
Host: api.ipify.org
2025-01-14 11:48:04 UTC    424    IN    HTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 11:48:04 GMT
                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                Content-Length: 12
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Vary: Origin
                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                CF-RAY: 901d651a59c57cb4-EWR
                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1994&min_rtt=1992&rtt_var=751&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2819&recv_bytes=677&delivery_rate=1452013&cwnd=232&unsent_bytes=0&cid=67b2548ac6f580b1&ts=150&x=0"
2025-01-14 11:48:04 UTC    12    IN    Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                                                                                                                                                                                                                Data Ascii: 8.46.123.189


Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
3    192.168.2.5    49987    104.26.12.205    443    4416    C:\Users\user\Desktop\zbROZPjAQ7.exe
Timestamp    Bytes transferred    Direction    Data
2025-01-14 11:48:05 UTC    39    OUT    GET / HTTP/1.1
Host: api.ipify.org
2025-01-14 11:48:05 UTC    424    IN    HTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 11:48:05 GMT
                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                Content-Length: 12
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Vary: Origin
                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                CF-RAY: 901d651e0f18439c-EWR
                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1590&min_rtt=1589&rtt_var=599&sent=3&recv=5&lost=0&retrans=0&sent_bytes=2819&recv_bytes=677&delivery_rate=1823860&cwnd=224&unsent_bytes=0&cid=58d9dd80dd91a22d&ts=123&x=0"
2025-01-14 11:48:05 UTC    12    IN    Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                                                                                                                                                                                                                Data Ascii: 8.46.123.189


                                                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                                                Start time:06:47:03
                                                                                                                                                                                                                                Start date:14/01/2025
                                                                                                                                                                                                                                Path:C:\Users\user\Desktop\zbROZPjAQ7.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\zbROZPjAQ7.exe"
                                                                                                                                                                                                                                Imagebase:0x7ff6809e0000
                                                                                                                                                                                                                                File size:39'885'660 bytes
                                                                                                                                                                                                                                MD5 hash:0AF48295A8F30CE6929B60C0D57B267C
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Target ID:2
                                                                                                                                                                                                                                Start time:06:47:12
                                                                                                                                                                                                                                Start date:14/01/2025
                                                                                                                                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9492 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000
                                                                                                                                                                                                                                Imagebase:0x7ff715980000
                                                                                                                                                                                                                                File size:3'242'272 bytes
                                                                                                                                                                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Target ID:4
                                                                                                                                                                                                                                Start time:06:47:15
                                                                                                                                                                                                                                Start date:14/01/2025
                                                                                                                                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1612 --field-trial-handle=1488,i,14311009380432291782,1194724055867513184,262144 --disable-features=PaintHolding /prefetch:8
                                                                                                                                                                                                                                Imagebase:0x7ff715980000
                                                                                                                                                                                                                                File size:3'242'272 bytes
                                                                                                                                                                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Target ID:6
                                                                                                                                                                                                                                Start time:06:47:37
                                                                                                                                                                                                                                Start date:14/01/2025
                                                                                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9553 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000
                                                                                                                                                                                                                                Imagebase:0x7ff6c1cf0000
                                                                                                                                                                                                                                File size:4'210'216 bytes
                                                                                                                                                                                                                                MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                Has exited:true

Target ID:7
Start time:06:47:38
Start date:14/01/2025
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=372 --field-trial-handle=1404,i,1325028692104923150,16817396278777672498,262144 --disable-features=PaintHolding /prefetch:3
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

No disassembly