Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
iTVsz8WAu4.exe

Overview

General Information

Sample name:iTVsz8WAu4.exe
renamed because original name is a hash value
Original sample name:ff542214469620d4b284472dae80e77d50f0b6a1f3da3c2b0922243a8796ae26.exe
Analysis ID:1590659
MD5:d6b0f6b6e4687d0d33f9c4523219a1a9
SHA1:fa1864dac95ecfcfa21dd62a7a8de5ebec7cc339
SHA256:ff542214469620d4b284472dae80e77d50f0b6a1f3da3c2b0922243a8796ae26
Tags:bot7711615259exeuser-JAMESWT_MHT
Infos:

Detection

Score:80
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Sigma detected: Potential Data Stealing Via Chromium Headless Debugging
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sigma detected: Browser Execution In Headless Mode
Sigma detected: Browser Started with Remote Debugging
Suricata IDS alerts with low severity for network traffic

Classification

Process Tree

  • System is w10x64
  • iTVsz8WAu4.exe (PID: 5788 cmdline: "C:\Users\user\Desktop\iTVsz8WAu4.exe" MD5: D6B0F6B6E4687D0D33F9C4523219A1A9)
    • chrome.exe (PID: 1504 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9447 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
      • chrome.exe (PID: 2908 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1580 --field-trial-handle=1440,i,10015738160290099957,7113324669390764060,262144 --disable-features=PaintHolding /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • WINWORD.EXE (PID: 6756 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\Documents\Your_Benefits_and_Role.docx" /o "" MD5: 1A0C2C2E7D9C4BC18E91604E9B0C7678)
    • msedge.exe (PID: 7968 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9351 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000 MD5: 69222B8101B0601CC6663F8381E7E00F)
      • msedge.exe (PID: 8132 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1616 --field-trial-handle=1388,i,4130655194958272228,13477878399729712916,262144 --disable-features=PaintHolding /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\netstandard.dllJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
    C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.dllJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
      C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.dllJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
        C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.dllJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
          C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.dllJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
            Click to see the 3 entries

            Sigma Signatures

            System Summary

            barindex
            Sigma detected: Potential Data Stealing Via Chromium Headless Debugging
            Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9447 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000, CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9447 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000, CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\iTVsz8WAu4.exe", ParentImage: C:\Users\user\Desktop\iTVsz8WAu4.exe, ParentProcessId: 5788, ParentProcessName: iTVsz8WAu4.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9447 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000, ProcessId: 1504, ProcessName: chrome.exe
            Sigma detected: Browser Execution In Headless Mode
            Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9447 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000, CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9447 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000, CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\iTVsz8WAu4.exe", ParentImage: C:\Users\user\Desktop\iTVsz8WAu4.exe, ParentProcessId: 5788, ParentProcessName: iTVsz8WAu4.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9447 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000, ProcessId: 1504, ProcessName: chrome.exe
            Sigma detected: Browser Started with Remote Debugging
            Source: Process startedAuthor: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9447 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000, CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9447 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000, CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\iTVsz8WAu4.exe", ParentImage: C:\Users\user\Desktop\iTVsz8WAu4.exe, ParentProcessId: 5788, ParentProcessName: iTVsz8WAu4.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9447 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000, ProcessId: 1504, ProcessName: chrome.exe

            Suricata Signatures

            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-01-14T13:11:33.728813+010028033053Unknown Traffic192.168.2.749746172.65.251.78443TCP
            2025-01-14T13:12:21.245210+010028033053Unknown Traffic192.168.2.763794172.67.74.152443TCP
            2025-01-14T13:12:21.863540+010028033053Unknown Traffic192.168.2.763795172.67.74.152443TCP
            2025-01-14T13:12:22.407332+010028033053Unknown Traffic192.168.2.763796208.95.112.180TCP
            2025-01-14T13:12:23.085677+010028033053Unknown Traffic192.168.2.763797172.67.74.152443TCP
            2025-01-14T13:12:23.711503+010028033053Unknown Traffic192.168.2.763798172.67.74.152443TCP
            2025-01-14T13:12:23.891623+010028033053Unknown Traffic192.168.2.763796208.95.112.180TCP

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Multi AV Scanner detection for submitted file
            Source: iTVsz8WAu4.exeReversingLabs: Detection: 13%
            Source: iTVsz8WAu4.exeVirustotal: Detection: 20%Perma Link
            AI detected suspicious sample
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.4% probability
            Source: unknownHTTPS traffic detected: 172.65.251.78:443 -> 192.168.2.7:49746 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.7:63794 version: TLS 1.2
            Source: iTVsz8WAu4.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XmlSerializer\Release\net8.0\System.Xml.XmlSerializer.pdbSHA256{2 source: System.Xml.XmlSerializer.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Thread\Release\net8.0\System.Threading.Thread.pdb source: System.Threading.Thread.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Csp/Release/net8.0-windows/System.Security.Cryptography.Csp.pdbSHA256 source: System.Security.Cryptography.Csp.dll.0.dr
            Source: Binary string: System.Net.Sockets.ni.pdb source: System.Net.Sockets.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.ProtectedData/Release/net8.0/System.Security.Cryptography.ProtectedData.pdb source: System.Security.Cryptography.ProtectedData.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Runtime.Handles/Release/net8.0-windows/System.Runtime.Handles.pdbSHA256 source: System.Runtime.Handles.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XmlSerializer\Release\net8.0\System.Xml.XmlSerializer.pdb source: System.Xml.XmlSerializer.dll.0.dr
            Source: Binary string: E:\A\_work\410\s\bin\obj\Windows_NT.x64.Release\Native\sni\Release\sni.pdb@@@GCTL source: sni.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Metadata\Release\net8.0\System.Reflection.Metadata.pdb source: System.Reflection.Metadata.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Emit.Lightweight\Release\net8.0\System.Reflection.Emit.Lightweight.pdb source: System.Reflection.Emit.Lightweight.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Security.Permissions/netcoreapp3.0-Release/System.Security.Permissions.pdbSHA256 source: System.Security.Permissions.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Csp/Release/net8.0-windows/System.Security.Cryptography.Csp.pdb source: System.Security.Cryptography.Csp.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Runtime.Handles/Release/net8.0-windows/System.Runtime.Handles.pdb source: System.Runtime.Handles.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.DiagnosticSource\Release\net8.0\System.Diagnostics.DiagnosticSource.pdbSHA256P?> source: System.Diagnostics.DiagnosticSource.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Security.Cryptography\Release\net8.0-windows\System.Security.Cryptography.pdb source: System.Security.Cryptography.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.VisualC\Release\net8.0\System.Runtime.CompilerServices.VisualC.pdb source: System.Runtime.CompilerServices.VisualC.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XDocument\Release\net8.0\System.Xml.XDocument.pdbSHA256 source: System.Xml.XDocument.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Serialization.Json\Release\net8.0\System.Runtime.Serialization.Json.pdb source: System.Runtime.Serialization.Json.dll0.0.dr
            Source: Binary string: System.Net.Security.ni.pdb source: System.Net.Security.dll.0.dr
            Source: Binary string: System.ObjectModel.ni.pdb source: System.ObjectModel.dll.0.dr
            Source: Binary string: System.IO.MemoryMappedFiles.ni.pdb source: System.IO.MemoryMappedFiles.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Web/Release/net8.0-windows/System.Web.pdb source: System.Web.dll0.0.dr
            Source: Binary string: System.Private.Xml.Linq.ni.pdb source: System.Private.Xml.Linq.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.VisualC\Release\net8.0\System.Runtime.CompilerServices.VisualC.pdbSHA256= source: System.Runtime.CompilerServices.VisualC.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/ref/System.Configuration.ConfigurationManager/netstandard-Release/System.Configuration.ConfigurationManager.pdbSHA256; source: System.Configuration.ConfigurationManager.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.CodeDom/Release/net8.0/System.CodeDom.pdb source: System.CodeDom.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Loader\Release\net8.0\System.Runtime.Loader.pdb source: System.Runtime.Loader.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Private.Uri\Release\net8.0\System.Private.Uri.pdb source: System.Private.Uri.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Security.SecureString/Release/net8.0-windows/System.Security.SecureString.pdb source: System.Security.SecureString.dll0.0.dr, System.Security.SecureString.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.WebProxy\Release\net8.0\System.Net.WebProxy.pdbSHA256<q source: System.Net.WebProxy.dll.0.dr
            Source: Binary string: C:\dev\sqlite\dotnet-private\System.Data.SQLite.Linq\obj\Release\netstandard2.1\System.Data.SQLite.EF6.pdbSHA256 source: System.Data.SQLite.EF6.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Dynamic.Runtime/Release/net8.0-windows/System.Dynamic.Runtime.pdb source: System.Dynamic.Runtime.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Numerics/Release/net8.0-windows/System.Numerics.pdbSHA256<t source: System.Numerics.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Drawing.Common/netcoreapp3.0-Windows_NT-Release/System.Drawing.Common.pdb source: System.Drawing.Common.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Runtime.CompilerServices.Unsafe/Release/net8.0-windows/System.Runtime.CompilerServices.Unsafe.pdb source: System.Runtime.CompilerServices.Unsafe.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Reflection.Extensions/Release/net8.0-windows/System.Reflection.Extensions.pdb source: System.Reflection.Extensions.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading\Release\net8.0\System.Threading.pdb source: System.Threading.dll.0.dr
            Source: Binary string: System.Reflection.TypeExtensions.ni.pdb source: System.Reflection.TypeExtensions.dll.0.dr
            Source: Binary string: System.Net.Mail.ni.pdb source: System.Net.Mail.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Diagnostics.Tools/Release/net8.0-windows/System.Diagnostics.Tools.pdbSHA256 source: System.Diagnostics.Tools.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Resources.Reader/Release/net8.0-windows/System.Resources.Reader.pdb source: System.Resources.Reader.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.IO.FileSystem.Primitives/Release/net8.0-windows/System.IO.FileSystem.Primitives.pdbSHA2563 source: System.IO.FileSystem.Primitives.dll.0.dr
            Source: Binary string: /_/artifacts/obj/Microsoft.Win32.SystemEvents/netcoreapp3.0-Windows_NT-Release/Microsoft.Win32.SystemEvents.pdb source: Microsoft.Win32.SystemEvents.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Runtime.InteropServices.RuntimeInformation/Release/net8.0-windows/System.Runtime.InteropServices.RuntimeInformation.pdbSHA256 source: System.Runtime.InteropServices.RuntimeInformation.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Linq.Parallel\Release\net8.0\System.Linq.Parallel.pdb source: System.Linq.Parallel.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Windows.Extensions/netcoreapp3.0-Windows_NT-Release/System.Windows.Extensions.pdb source: System.Windows.Extensions.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.TextWriterTraceListener\Release\net8.0\System.Diagnostics.TextWriterTraceListener.pdb source: System.Diagnostics.TextWriterTraceListener.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.IO.UnmanagedMemoryStream/Release/net8.0-windows/System.IO.UnmanagedMemoryStream.pdb source: System.IO.UnmanagedMemoryStream.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Buffers/Release/net8.0-windows/System.Buffers.pdbSHA256v source: System.Buffers.dll.0.dr, System.Buffers.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.ServicePoint\Release\net8.0\System.Net.ServicePoint.pdbSHA256 source: System.Net.ServicePoint.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Runtime.Serialization/Release/net8.0-windows/System.Runtime.Serialization.pdb source: System.Runtime.Serialization.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Emit.Lightweight\Release\net8.0\System.Reflection.Emit.Lightweight.pdbSHA256 source: System.Reflection.Emit.Lightweight.dll.0.dr
            Source: Binary string: System.Threading.ni.pdb source: System.Threading.dll.0.dr
            Source: Binary string: System.Threading.Tasks.Parallel.ni.pdb source: System.Threading.Tasks.Parallel.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Net/Release/net8.0-windows/System.Net.pdb source: System.Net.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Requests\Release\net8.0-windows\System.Net.Requests.pdb source: System.Net.Requests.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.InteropServices\Release\net8.0\System.Runtime.InteropServices.pdb source: System.Runtime.InteropServices.dll0.0.dr
            Source: Binary string: System.Net.ServicePoint.ni.pdb source: System.Net.ServicePoint.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.IO.Compression.FileSystem/Release/net8.0-windows/System.IO.Compression.FileSystem.pdbSHA256a{ source: System.IO.Compression.FileSystem.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.ValueTuple/Release/net8.0-windows/System.ValueTuple.pdb source: System.ValueTuple.dll.0.dr, System.ValueTuple.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Xml/Release/net8.0-windows/System.Xml.pdbSHA256 source: System.Xml.dll0.0.dr
            Source: Binary string: System.Net.NetworkInformation.ni.pdb source: System.Net.NetworkInformation.dll.0.dr
            Source: Binary string: System.ComponentModel.Annotations.ni.pdb source: System.ComponentModel.Annotations.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Mail\Release\net8.0-windows\System.Net.Mail.pdb source: System.Net.Mail.dll.0.dr
            Source: Binary string: C:\dev\sqlite\dotnet-private\System.Data.SQLite.Linq\obj\Release\netstandard2.1\System.Data.SQLite.EF6.pdb source: System.Data.SQLite.EF6.dll.0.dr
            Source: Binary string: System.Net.WebProxy.ni.pdb source: System.Net.WebProxy.dll.0.dr
            Source: Binary string: /_/artifacts/obj/ref/System.Security.Permissions/netcoreapp3.0-Release/System.Security.Permissions.pdb source: System.Security.Permissions.dll0.0.dr
            Source: Binary string: System.Linq.Parallel.ni.pdb source: System.Linq.Parallel.dll.0.dr
            Source: Binary string: System.ComponentModel.Primitives.ni.pdb source: System.ComponentModel.Primitives.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/WindowsBase/Release/net8.0-windows/WindowsBase.pdb source: WindowsBase.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.NetworkInformation\Release\net8.0-windows\System.Net.NetworkInformation.pdb source: System.Net.NetworkInformation.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Resources.ResourceManager/Release/net8.0-windows/System.Resources.ResourceManager.pdb source: System.Resources.ResourceManager.dll0.0.dr, System.Resources.ResourceManager.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Collections\Release\net8.0\System.Collections.pdb source: System.Collections.dll0.0.dr
            Source: Binary string: System.IO.Compression.ZipFile.ni.pdb source: System.IO.Compression.ZipFile.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Configuration/Release/net8.0-windows/System.Configuration.pdb source: System.Configuration.dll.0.dr, System.Configuration.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Security\Release\net8.0-windows\System.Net.Security.pdbSHA256 source: System.Net.Security.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.Pipes.AccessControl\Release\net8.0-windows\System.IO.Pipes.AccessControl.pdbSHA256 source: System.IO.Pipes.AccessControl.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Requests\Release\net8.0-windows\System.Net.Requests.pdbSHA256sO source: System.Net.Requests.dll.0.dr
            Source: Binary string: /_/artifacts/obj/ref/System.Windows.Extensions/netcoreapp3.0-Release/System.Windows.Extensions.pdb source: System.Windows.Extensions.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Overlapped\Release\net8.0\System.Threading.Overlapped.pdb source: System.Threading.Overlapped.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Core/Release/net8.0-windows/System.Core.pdb source: System.Core.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Security\Release\net8.0-windows\System.Net.Security.pdb source: System.Net.Security.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Windows.Extensions/netcoreapp3.0-Windows_NT-Release/System.Windows.Extensions.pdbSHA256 source: System.Windows.Extensions.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.WebProxy\Release\net8.0\System.Net.WebProxy.pdb source: System.Net.WebProxy.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.MemoryMappedFiles\Release\net8.0-windows\System.IO.MemoryMappedFiles.pdb source: System.IO.MemoryMappedFiles.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Transactions/Release/net8.0-windows/System.Transactions.pdb source: System.Transactions.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.WebSockets.Client\Release\net8.0\System.Net.WebSockets.Client.pdb source: System.Net.WebSockets.Client.dll.0.dr
            Source: Binary string: /_/artifacts/obj/EntityFramework.SqlServer/Release/netstandard2.1/EntityFramework.SqlServer.pdbSHA256s source: EntityFramework.SqlServer.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.Compression.Brotli\Release\net8.0-windows\System.IO.Compression.Brotli.pdb source: System.IO.Compression.Brotli.dll.0.dr
            Source: Binary string: System.Runtime.InteropServices.ni.pdb source: System.Runtime.InteropServices.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Encoding/Release/net8.0-windows/System.Security.Cryptography.Encoding.pdb source: System.Security.Cryptography.Encoding.dll.0.dr
            Source: Binary string: System.Net.WebSockets.ni.pdb source: System.Net.WebSockets.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.FileSystem.Watcher\Release\net8.0-windows\System.IO.FileSystem.Watcher.pdb source: System.IO.FileSystem.Watcher.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.IO.FileSystem/Release/net8.0-windows/System.IO.FileSystem.pdb source: System.IO.FileSystem.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Private.Xml.Linq\Release\net8.0\System.Private.Xml.Linq.pdbSHA256 source: System.Private.Xml.Linq.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Sockets\Release\net8.0-windows\System.Net.Sockets.pdb source: System.Net.Sockets.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Dynamic.Runtime/Release/net8.0-windows/System.Dynamic.Runtime.pdbSHA256 source: System.Dynamic.Runtime.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Intrinsics\Release\net8.0\System.Runtime.Intrinsics.pdb source: System.Runtime.Intrinsics.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Primitives\Release\net8.0\System.Reflection.Primitives.pdbSHA256 source: System.Reflection.Primitives.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Net/Release/net8.0-windows/System.Net.pdbSHA256 source: System.Net.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Private.Xml.Linq\Release\net8.0\System.Private.Xml.Linq.pdb source: System.Private.Xml.Linq.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Resources.ResourceManager/Release/net8.0-windows/System.Resources.ResourceManager.pdbSHA256: source: System.Resources.ResourceManager.dll0.0.dr, System.Resources.ResourceManager.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Core/Release/net8.0-windows/System.Core.pdbSHA256 source: System.Core.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Security.Permissions/netcoreapp3.0-Release/System.Security.Permissions.pdb source: System.Security.Permissions.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Drawing/Release/net8.0-windows/System.Drawing.pdbSHA256k source: System.Drawing.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.IO.UnmanagedMemoryStream/Release/net8.0-windows/System.IO.UnmanagedMemoryStream.pdbSHA256 source: System.IO.UnmanagedMemoryStream.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.ServicePoint\Release\net8.0\System.Net.ServicePoint.pdb source: System.Net.ServicePoint.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Security.Principal.Windows\Release\net8.0-windows\System.Security.Principal.Windows.pdb source: System.Security.Principal.Windows.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Transactions/Release/net8.0-windows/System.Transactions.pdbSHA256 source: System.Transactions.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Runtime.CompilerServices.Unsafe/Release/net8.0-windows/System.Runtime.CompilerServices.Unsafe.pdbSHA256 source: System.Runtime.CompilerServices.Unsafe.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.ReaderWriter\Release\net8.0\System.Xml.ReaderWriter.pdbSHA256I source: System.Xml.ReaderWriter.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.Tracing\Release\net8.0\System.Diagnostics.Tracing.pdbSHA256~\{^ source: System.Diagnostics.Tracing.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.Pipes.AccessControl\Release\net8.0-windows\System.IO.Pipes.AccessControl.pdb source: System.IO.Pipes.AccessControl.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Json\Release\net8.0\System.Text.Json.pdb source: System.Text.Json.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Runtime.InteropServices.RuntimeInformation/Release/net8.0-windows/System.Runtime.InteropServices.RuntimeInformation.pdb source: System.Runtime.InteropServices.RuntimeInformation.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.Compression.ZipFile\Release\net8.0-windows\System.IO.Compression.ZipFile.pdb source: System.IO.Compression.ZipFile.dll.0.dr
            Source: Binary string: Microsoft.Win32.Registry.ni.pdb source: Microsoft.Win32.Registry.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.TypeExtensions\Release\net8.0\System.Reflection.TypeExtensions.pdb source: System.Reflection.TypeExtensions.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Intrinsics\Release\net8.0\System.Runtime.Intrinsics.pdbSHA256 source: System.Runtime.Intrinsics.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System/Release/net8.0-windows/System.pdbSHA2568^ source: System.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.X509Certificates/Release/net8.0-windows/System.Security.Cryptography.X509Certificates.pdb source: System.Security.Cryptography.X509Certificates.dll0.0.dr
            Source: Binary string: System.Security.Principal.Windows.ni.pdb source: System.Security.Principal.Windows.dll0.0.dr
            Source: Binary string: System.Reflection.Metadata.ni.pdb source: System.Reflection.Metadata.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.IO.Compression.FileSystem/Release/net8.0-windows/System.IO.Compression.FileSystem.pdb source: System.IO.Compression.FileSystem.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Overlapped\Release\net8.0\System.Threading.Overlapped.pdbSHA256t source: System.Threading.Overlapped.dll.0.dr
            Source: Binary string: /_/artifacts/obj/EntityFramework.SqlServer/Release/netstandard2.1/EntityFramework.SqlServer.pdb source: EntityFramework.SqlServer.dll.0.dr
            Source: Binary string: System.IO.Compression.Brotli.ni.pdb source: System.IO.Compression.Brotli.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Reflection.Extensions/Release/net8.0-windows/System.Reflection.Extensions.pdbSHA256> source: System.Reflection.Extensions.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.NameResolution\Release\net8.0-windows\System.Net.NameResolution.pdb source: System.Net.NameResolution.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Primitives/Release/net8.0-windows/System.Security.Cryptography.Primitives.pdbSHA256 source: System.Security.Cryptography.Primitives.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XDocument\Release\net8.0\System.Xml.XDocument.pdb source: System.Xml.XDocument.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Xml.XmlDocument/Release/net8.0-windows/System.Xml.XmlDocument.pdbSHA256 source: System.Xml.XmlDocument.dll.0.dr
            Source: Binary string: /_/artifacts/obj/ref/System.Windows.Extensions/netcoreapp3.0-Release/System.Windows.Extensions.pdbSHA256y3q source: System.Windows.Extensions.dll0.0.dr
            Source: Binary string: System.Text.Json.ni.pdb source: System.Text.Json.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.Tracing\Release\net8.0\System.Diagnostics.Tracing.pdb source: System.Diagnostics.Tracing.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.ProtectedData/Release/net8.0/System.Security.Cryptography.ProtectedData.pdbSHA256 source: System.Security.Cryptography.ProtectedData.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.ValueTuple/Release/net8.0-windows/System.ValueTuple.pdbSHA256[ source: System.ValueTuple.dll.0.dr, System.ValueTuple.dll0.0.dr
            Source: Binary string: System.Diagnostics.TextWriterTraceListener.ni.pdb source: System.Diagnostics.TextWriterTraceListener.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Diagnostics.Tools/Release/net8.0-windows/System.Diagnostics.Tools.pdb source: System.Diagnostics.Tools.dll.0.dr
            Source: Binary string: System.Collections.ni.pdb source: System.Collections.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Reflection/Release/net8.0-windows/System.Reflection.pdbSHA256r source: System.Reflection.dll0.0.dr, System.Reflection.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Threading.Tasks.Extensions/Release/net8.0-windows/System.Threading.Tasks.Extensions.pdb source: System.Threading.Tasks.Extensions.dll0.0.dr, System.Threading.Tasks.Extensions.dll.0.dr
            Source: Binary string: System.Net.WebSockets.Client.ni.pdb source: System.Net.WebSockets.Client.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Xml/Release/net8.0-windows/System.Xml.pdb source: System.Xml.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.ComponentModel.TypeConverter\Release\net8.0\System.ComponentModel.TypeConverter.pdbSHA256 source: System.ComponentModel.TypeConverter.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.ReaderWriter\Release\net8.0\System.Xml.ReaderWriter.pdb source: System.Xml.ReaderWriter.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Tasks.Parallel\Release\net8.0\System.Threading.Tasks.Parallel.pdbSHA256 source: System.Threading.Tasks.Parallel.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Emit.ILGeneration\Release\net8.0\System.Reflection.Emit.ILGeneration.pdb source: System.Reflection.Emit.ILGeneration.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Threading.Tasks/Release/net8.0-windows/System.Threading.Tasks.pdbSHA256 source: System.Threading.Tasks.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.CodeDom/Release/net8.0/System.CodeDom.pdbSHA256 source: System.CodeDom.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.ComponentModel.Annotations\Release\net8.0\System.ComponentModel.Annotations.pdb source: System.ComponentModel.Annotations.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.CSharp\Release\net8.0-windows\Microsoft.CSharp.pdb source: Microsoft.CSharp.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.WebSockets\Release\net8.0-windows\System.Net.WebSockets.pdb source: System.Net.WebSockets.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Thread\Release\net8.0\System.Threading.Thread.pdbSHA256 source: System.Threading.Thread.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Drawing/Release/net8.0-windows/System.Drawing.pdb source: System.Drawing.dll0.0.dr
            Source: Binary string: System.Security.Claims.ni.pdb source: System.Security.Claims.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.X509Certificates/Release/net8.0-windows/System.Security.Cryptography.X509Certificates.pdbSHA256 source: System.Security.Cryptography.X509Certificates.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.ObjectModel\Release\net8.0\System.ObjectModel.pdb source: System.ObjectModel.dll.0.dr
            Source: Binary string: /_/artifacts/obj/ref/System.Configuration.ConfigurationManager/netstandard-Release/System.Configuration.ConfigurationManager.pdb source: System.Configuration.ConfigurationManager.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.TraceSource\Release\net8.0\System.Diagnostics.TraceSource.pdb source: System.Diagnostics.TraceSource.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Globalization/Release/net8.0-windows/System.Globalization.pdbSHA256 source: System.Globalization.dll.0.dr, System.Globalization.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Data.DataSetExtensions/Release/net8.0-windows/System.Data.DataSetExtensions.pdbSHA256X source: System.Data.DataSetExtensions.dll0.0.dr, System.Data.DataSetExtensions.dll.0.dr
            Source: Binary string: /_/artifacts/obj/netstandard/Release/net8.0-windows/netstandard.pdb source: netstandard.dll.0.dr, netstandard.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Serialization.Json\Release\net8.0\System.Runtime.Serialization.Json.pdbSHA256 source: System.Runtime.Serialization.Json.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System/Release/net8.0-windows/System.pdb source: System.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.MemoryMappedFiles\Release\net8.0-windows\System.IO.MemoryMappedFiles.pdbSHA2562R4c source: System.IO.MemoryMappedFiles.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Loader\Release\net8.0\System.Runtime.Loader.pdbSHA256i source: System.Runtime.Loader.dll0.0.dr
            Source: Binary string: System.Net.NameResolution.ni.pdb source: System.Net.NameResolution.dll.0.dr
            Source: Binary string: /_/artifacts/obj/netstandard/Release/net8.0-windows/netstandard.pdbSHA256%# source: netstandard.dll.0.dr, netstandard.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.ComponentModel.TypeConverter\Release\net8.0\System.ComponentModel.TypeConverter.pdb source: System.ComponentModel.TypeConverter.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Data.DataSetExtensions/Release/net8.0-windows/System.Data.DataSetExtensions.pdb source: System.Data.DataSetExtensions.dll0.0.dr, System.Data.DataSetExtensions.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Security.Claims\Release\net8.0\System.Security.Claims.pdb source: System.Security.Claims.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Reflection/Release/net8.0-windows/System.Reflection.pdb source: System.Reflection.dll0.0.dr, System.Reflection.dll.0.dr
            Source: Binary string: System.Diagnostics.DiagnosticSource.ni.pdb source: System.Diagnostics.DiagnosticSource.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Xml.Serialization/Release/net8.0-windows/System.Xml.Serialization.pdb source: System.Xml.Serialization.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Numerics/Release/net8.0-windows/System.Numerics.pdb source: System.Numerics.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.AppContext/Release/net8.0-windows/System.AppContext.pdbSHA256 source: System.AppContext.dll0.0.dr, System.AppContext.dll.0.dr
            Source: Binary string: E:\A\_work\410\s\bin\obj\Windows_NT.x64.Release\Native\sni\Release\sni.pdb source: sni.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Algorithms/Release/net8.0-windows/System.Security.Cryptography.Algorithms.pdbSHA256 source: System.Security.Cryptography.Algorithms.dll.0.dr, System.Security.Cryptography.Algorithms.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Tasks.Parallel\Release\net8.0\System.Threading.Tasks.Parallel.pdb source: System.Threading.Tasks.Parallel.dll.0.dr
            Source: Binary string: System.Text.Encodings.Web.ni.pdb source: System.Text.Encodings.Web.dll.0.dr
            Source: Binary string: Microsoft.CSharp.ni.pdb source: Microsoft.CSharp.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Web/Release/net8.0-windows/System.Web.pdbSHA2567S source: System.Web.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.Compression\Release\net8.0-windows\System.IO.Compression.pdb source: System.IO.Compression.dll.0.dr
            Source: Binary string: System.Diagnostics.TraceSource.ni.pdb source: System.Diagnostics.TraceSource.dll.0.dr
            Source: Binary string: System.Private.Uri.ni.pdb source: System.Private.Uri.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.IO.FileSystem/Release/net8.0-windows/System.IO.FileSystem.pdbSHA256 source: System.IO.FileSystem.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Globalization/Release/net8.0-windows/System.Globalization.pdb source: System.Globalization.dll.0.dr, System.Globalization.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.IO.FileSystem.Primitives/Release/net8.0-windows/System.IO.FileSystem.Primitives.pdb source: System.IO.FileSystem.Primitives.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Xml.Serialization/Release/net8.0-windows/System.Xml.Serialization.pdbSHA256n source: System.Xml.Serialization.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\dlls\mscordac\mscordaccore.pdb source: iTVsz8WAu4.exe
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.Win32.Registry\Release\net8.0-windows\Microsoft.Win32.Registry.pdb source: Microsoft.Win32.Registry.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.DiagnosticSource\Release\net8.0\System.Diagnostics.DiagnosticSource.pdb source: System.Diagnostics.DiagnosticSource.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Threading.Tasks/Release/net8.0-windows/System.Threading.Tasks.pdb source: System.Threading.Tasks.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Primitives\Release\net8.0\System.Reflection.Primitives.pdb source: System.Reflection.Primitives.dll.0.dr
            Source: Binary string: System.Runtime.CompilerServices.VisualC.ni.pdb source: System.Runtime.CompilerServices.VisualC.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Algorithms/Release/net8.0-windows/System.Security.Cryptography.Algorithms.pdb source: System.Security.Cryptography.Algorithms.dll.0.dr, System.Security.Cryptography.Algorithms.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Encoding.Extensions\Release\net8.0\System.Text.Encoding.Extensions.pdbSHA2560 source: System.Text.Encoding.Extensions.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Encoding.CodePages\Release\net8.0-windows\System.Text.Encoding.CodePages.pdb source: System.Text.Encoding.CodePages.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Primitives/Release/net8.0-windows/System.Security.Cryptography.Primitives.pdb source: System.Security.Cryptography.Primitives.dll.0.dr
            Source: Binary string: System.IO.Compression.ni.pdb source: System.IO.Compression.dll.0.dr
            Source: Binary string: System.Security.Cryptography.ni.pdb source: System.Security.Cryptography.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Security.SecureString/Release/net8.0-windows/System.Security.SecureString.pdbSHA256NX source: System.Security.SecureString.dll0.0.dr, System.Security.SecureString.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.AppContext/Release/net8.0-windows/System.AppContext.pdb source: System.AppContext.dll0.0.dr, System.AppContext.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Serialization.Xml\Release\net8.0\System.Runtime.Serialization.Xml.pdb source: System.Runtime.Serialization.Xml.dll0.0.dr
            Source: Binary string: System.ComponentModel.TypeConverter.ni.pdb source: System.ComponentModel.TypeConverter.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/WindowsBase/Release/net8.0-windows/WindowsBase.pdbSHA256 source: WindowsBase.dll0.0.dr
            Source: Binary string: System.Net.Requests.ni.pdb source: System.Net.Requests.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Encoding/Release/net8.0-windows/System.Security.Cryptography.Encoding.pdbSHA256#5 source: System.Security.Cryptography.Encoding.dll.0.dr
            Source: Binary string: /_/artifacts/obj/ref/System.Security.Permissions/netcoreapp3.0-Release/System.Security.Permissions.pdbSHA256 source: System.Security.Permissions.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Drawing.Common/netcoreapp3.0-Windows_NT-Release/System.Drawing.Common.pdbSHA256 source: System.Drawing.Common.dll.0.dr
            Source: Binary string: System.Text.Encoding.CodePages.ni.pdb source: System.Text.Encoding.CodePages.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\Corehost.Static\singlefilehost.pdb source: iTVsz8WAu4.exe
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Encodings.Web\Release\net8.0\System.Text.Encodings.Web.pdb source: System.Text.Encodings.Web.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Resources.Reader/Release/net8.0-windows/System.Resources.Reader.pdbSHA256[ source: System.Resources.Reader.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Xml.XmlDocument/Release/net8.0-windows/System.Xml.XmlDocument.pdb source: System.Xml.XmlDocument.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Emit.ILGeneration\Release\net8.0\System.Reflection.Emit.ILGeneration.pdbSHA256 source: System.Reflection.Emit.ILGeneration.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.ComponentModel.Primitives\Release\net8.0\System.ComponentModel.Primitives.pdb source: System.ComponentModel.Primitives.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Serialization.Xml\Release\net8.0\System.Runtime.Serialization.Xml.pdbSHA256 source: System.Runtime.Serialization.Xml.dll0.0.dr
            Source: Binary string: System.IO.FileSystem.Watcher.ni.pdb source: System.IO.FileSystem.Watcher.dll.0.dr
            Source: Binary string: /_/artifacts/obj/Microsoft.Win32.SystemEvents/netcoreapp3.0-Windows_NT-Release/Microsoft.Win32.SystemEvents.pdbSHA256 source: Microsoft.Win32.SystemEvents.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Configuration/Release/net8.0-windows/System.Configuration.pdbSHA256 source: System.Configuration.dll.0.dr, System.Configuration.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Buffers/Release/net8.0-windows/System.Buffers.pdb source: System.Buffers.dll.0.dr, System.Buffers.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Threading.Tasks.Extensions/Release/net8.0-windows/System.Threading.Tasks.Extensions.pdbSHA256% source: System.Threading.Tasks.Extensions.dll0.0.dr, System.Threading.Tasks.Extensions.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Runtime.Serialization/Release/net8.0-windows/System.Runtime.Serialization.pdbSHA256 source: System.Runtime.Serialization.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Mail\Release\net8.0-windows\System.Net.Mail.pdbSHA256S source: System.Net.Mail.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Encoding.Extensions\Release\net8.0\System.Text.Encoding.Extensions.pdb source: System.Text.Encoding.Extensions.dll.0.dr
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile opened: C:\Users\user~1\Jump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile opened: C:\Users\user~1\AppData\Local\Temp\.net\iTVsz8WAu4\f0mxih2x.d2d\Jump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile opened: C:\Users\user~1\AppData\Local\Temp\.net\iTVsz8WAu4\Jump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile opened: C:\Users\user~1\AppData\Local\Temp\.net\iTVsz8WAu4\f0mxih2x.d2d\System.Memory.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile opened: C:\Users\user~1\AppData\Local\Jump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile opened: C:\Users\user~1\AppData\Jump to behavior

            Networking

            barindex
            Yara detected Generic Downloader
            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\netstandard.dll, type: DROPPED
            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.dll, type: DROPPED
            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.dll, type: DROPPED
            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.WebClient.dll, type: DROPPED
            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.Requests.dll, type: DROPPED
            Source: global trafficTCP traffic: 192.168.2.7:63680 -> 1.1.1.1:53
            Source: global trafficHTTP traffic detected: GET /app8490744/updatesa/-/raw/main/Your_Benefits_and_Role.docx?inline=false HTTP/1.1Host: gitlab.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
            Source: global trafficHTTP traffic detected: GET /json/8.46.123.189 HTTP/1.1Host: ip-api.com
            Source: global trafficHTTP traffic detected: GET /json/8.46.123.189 HTTP/1.1Host: ip-api.com
            Source: Joe Sandbox ViewIP Address: 208.95.112.1 208.95.112.1
            Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:63796 -> 208.95.112.1:80
            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49746 -> 172.65.251.78:443
            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:63798 -> 172.67.74.152:443
            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:63794 -> 172.67.74.152:443
            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:63795 -> 172.67.74.152:443
            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:63797 -> 172.67.74.152:443
            Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /app8490744/updatesa/-/raw/main/Your_Benefits_and_Role.docx?inline=false HTTP/1.1Host: gitlab.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
            Source: global trafficHTTP traffic detected: GET /json/8.46.123.189 HTTP/1.1Host: ip-api.com
            Source: global trafficHTTP traffic detected: GET /json/8.46.123.189 HTTP/1.1Host: ip-api.com
            Source: global trafficDNS traffic detected: DNS query: gitlab.com
            Source: global trafficDNS traffic detected: DNS query: api.ipify.org
            Source: global trafficDNS traffic detected: DNS query: ip-api.com
            Source: iTVsz8WAu4.exeString found in binary or memory: http://.css
            Source: iTVsz8WAu4.exeString found in binary or memory: http://.jpg
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/1423136
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2162
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2517
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2970
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3078
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3205
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3206
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3452
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3498
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3502
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3577
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3584
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3586
            Source: msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3623
            Source: msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3624
            Source: msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3625
            Source: chrome.exe, 00000009.00000002.1686748649.000023F800234000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3625#
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3832
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3862
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3965
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3970
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4324
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4384
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4405
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4428
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4551
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4633
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4722
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4836
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4901
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4937
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5007
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5055
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686994170.000023F8002A4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5061
            Source: msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/50610
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5281
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5371
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5375
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5421
            Source: msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5430
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5535
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5658
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5750
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686994170.000023F8002A4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5881
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5901
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6041
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6048
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6141
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6248
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6439
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6651
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6692
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6860
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6929
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6953
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686994170.000023F8002A4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
            Source: chrome.exe, 00000009.00000002.1686994170.000023F8002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488#
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280
            Source: System.Data.SQLite.EF6.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
            Source: System.Data.SQLite.EF6.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
            Source: System.Data.SQLite.EF6.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
            Source: System.Data.SQLite.EF6.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
            Source: System.Data.SQLite.EF6.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
            Source: System.Data.SQLite.EF6.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
            Source: System.Data.SQLite.EF6.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
            Source: System.Data.SQLite.EF6.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
            Source: System.Data.SQLite.EF6.dll.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
            Source: iTVsz8WAu4.exeString found in binary or memory: http://html4/loose.dtd
            Source: msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929
            Source: System.Data.SQLite.EF6.dll.0.drString found in binary or memory: http://ocsp.digicert.com0
            Source: System.Data.SQLite.EF6.dll.0.drString found in binary or memory: http://ocsp.digicert.com0A
            Source: System.Data.SQLite.EF6.dll.0.drString found in binary or memory: http://ocsp.digicert.com0C
            Source: System.Data.SQLite.EF6.dll.0.drString found in binary or memory: http://ocsp.digicert.com0X
            Source: System.Security.Claims.dll0.0.drString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authentication
            Source: System.Security.Claims.dll0.0.drString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authorizationdecisionzhttp://schemas.xmlsoap.o
            Source: System.Security.Claims.dll0.0.drString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirthrhttp://schemas.xmlsoap.org/ws/2005
            Source: System.Security.Principal.Windows.dll0.0.dr, System.Security.Claims.dll0.0.drString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid
            Source: System.Security.Claims.dll0.0.drString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressxhttp://schemas.xmlsoap.org/ws/200
            Source: System.Security.Claims.dll0.0.drString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality
            Source: System.Security.Claims.dll0.0.drString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone
            Source: System.Security.Principal.Windows.dll0.0.drString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: System.Security.Claims.dll0.0.drString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
            Source: System.Security.Claims.dll0.0.drString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone
            Source: System.Security.Claims.dll0.0.drString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcoderhttp://schemas.xmlsoap.org/ws/2005/
            Source: System.Security.Claims.dll0.0.drString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince
            Source: System.Security.Claims.dll0.0.drString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddresszhttp://schemas.xmlsoap.org/ws/20
            Source: System.Security.Claims.dll0.0.drString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprintrhttp://schemas.xmlsoap.org/ws/2005/
            Source: System.Security.Claims.dll0.0.drString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/x500distinguishednamevhttp://schemas.xmlsoap.o
            Source: msedge.exe, 00000014.00000002.1916512832.000030B400058000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.chambersign.org1
            Source: System.Data.SQLite.EF6.dll.0.drString found in binary or memory: http://www.digicert.com/CPS0
            Source: System.ComponentModel.TypeConverter.dll0.0.dr, System.Reflection.Metadata.dll.0.drString found in binary or memory: https://aka.ms/binaryformatter
            Source: iTVsz8WAu4.exeString found in binary or memory: https://aka.ms/dotnet-core-applaunch?
            Source: System.Runtime.InteropServices.dll.0.drString found in binary or memory: https://aka.ms/dotnet-illink/comj
            Source: System.Net.Security.dll.0.drString found in binary or memory: https://aka.ms/dotnet-warnings/
            Source: iTVsz8WAu4.exeString found in binary or memory: https://aka.ms/dotnet/app-launch-failed
            Source: iTVsz8WAu4.exeString found in binary or memory: https://aka.ms/dotnet/download
            Source: iTVsz8WAu4.exeString found in binary or memory: https://aka.ms/dotnet/download%s%sInstall
            Source: iTVsz8WAu4.exeString found in binary or memory: https://aka.ms/dotnet/info
            Source: iTVsz8WAu4.exeString found in binary or memory: https://aka.ms/dotnet/sdk-not-foundProbing
            Source: System.Reflection.Metadata.dll.0.drString found in binary or memory: https://aka.ms/serializationformat-binary-obsolete
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4830
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4966
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/5845
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/6574
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7161
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7162
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7246
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7308
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7319
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7320
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7369
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7382
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7489
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7604
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7714
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7847
            Source: chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7899
            Source: chrome.exe, 00000009.00000003.1446037810.0000160C002EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1445930210.0000160C002E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
            Source: System.Xml.XmlSerializer.dll.0.dr, System.Diagnostics.TextWriterTraceListener.dll0.0.dr, System.Threading.Tasks.Parallel.dll0.0.dr, System.Net.NameResolution.dll0.0.dr, System.Reflection.Emit.Lightweight.dll.0.dr, System.Buffers.dll.0.dr, System.Runtime.Serialization.dll.0.dr, System.Reflection.TypeExtensions.dll.0.dr, System.Resources.ResourceManager.dll0.0.dr, System.Dynamic.Runtime.dll.0.dr, System.ComponentModel.Primitives.dll.0.dr, System.Diagnostics.Tracing.dll.0.dr, System.Threading.Tasks.Parallel.dll.0.dr, System.Diagnostics.TextWriterTraceListener.dll.0.dr, System.Xml.XDocument.dll0.0.dr, System.Text.Encodings.Web.dll.0.dr, System.IO.Compression.ZipFile.dll.0.dr, System.Runtime.Serialization.Primitives.dll.0.dr, System.Text.Encoding.CodePages.dll0.0.dr, System.Runtime.InteropServices.RuntimeInformation.dll.0.dr, System.Runtime.InteropServices.dll.0.drString found in binary or memory: https://github.com/dotnet/runtime
            Source: System.ComponentModel.TypeConverter.dll0.0.drString found in binary or memory: https://github.com/dotnet/runtime/issues/50821
            Source: System.Resources.ResourceManager.dll0.0.dr, System.Resources.ResourceManager.dll.0.drString found in binary or memory: https://github.com/dotnet/runtime=
            Source: System.Security.Cryptography.Encoding.dll.0.drString found in binary or memory: https://github.com/dotnet/runtimeA
            Source: System.Reflection.DispatchProxy.dll0.0.drString found in binary or memory: https://github.com/dotnet/runtimeB
            Source: System.Core.dll0.0.drString found in binary or memory: https://github.com/dotnet/runtimeC
            Source: System.AppContext.dll0.0.dr, System.AppContext.dll.0.drString found in binary or memory: https://github.com/dotnet/runtimeGk
            Source: System.Runtime.Handles.dll0.0.drString found in binary or memory: https://github.com/dotnet/runtimeJ
            Source: System.Net.NameResolution.dll0.0.drString found in binary or memory: https://github.com/dotnet/runtimeK
            Source: System.ValueTuple.dll.0.dr, System.ValueTuple.dll0.0.drString found in binary or memory: https://github.com/dotnet/runtimeMY
            Source: Microsoft.CSharp.dll.0.drString found in binary or memory: https://github.com/dotnet/runtimeO
            Source: mscorlib.dll.0.drString found in binary or memory: https://github.com/dotnet/runtimeOHG
            Source: System.Xml.XmlSerializer.dll0.0.drString found in binary or memory: https://github.com/dotnet/runtimeP
            Source: System.Security.AccessControl.dll.0.dr, System.Security.SecureString.dll0.0.dr, System.Security.SecureString.dll.0.drString found in binary or memory: https://github.com/dotnet/runtimed
            Source: System.Transactions.dll.0.drString found in binary or memory: https://github.com/dotnet/runtimen;
            Source: System.Globalization.dll.0.dr, System.Globalization.dll0.0.drString found in binary or memory: https://github.com/dotnet/runtimeo
            Source: System.Buffers.dll.0.dr, System.Security.Cryptography.Algorithms.dll.0.dr, System.Buffers.dll0.0.dr, System.Security.Cryptography.Algorithms.dll0.0.drString found in binary or memory: https://github.com/dotnet/runtimet
            Source: Microsoft.CSharp.dll0.0.drString found in binary or memory: https://github.com/mono/linker/issues/1416.
            Source: System.ComponentModel.TypeConverter.dll0.0.drString found in binary or memory: https://github.com/mono/linker/issues/1731
            Source: System.ComponentModel.TypeConverter.dll0.0.drString found in binary or memory: https://github.com/mono/linker/issues/1895v
            Source: Microsoft.CSharp.dll0.0.drString found in binary or memory: https://github.com/mono/linker/issues/1906.
            Source: msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/161903006
            Source: msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/166809097
            Source: msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/184850002
            Source: msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/187425444
            Source: msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/220069903
            Source: msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/229267970
            Source: msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/250706693
            Source: msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/253522366
            Source: msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/255411748
            Source: msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/258207403
            Source: msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/274859104
            Source: msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/284462263
            Source: msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/issues/166475273
            Source: System.Data.SQLite.EF6.dll.0.drString found in binary or memory: https://system.data.sqlite.org/
            Source: msedge.exe, 00000014.00000002.1916774685.000030B4000E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.catcert.net/verarrel
            Source: System.Data.SQLite.EF6.dll.0.drString found in binary or memory: https://www.sqlite.org/lang_aggfunc.html
            Source: System.Data.SQLite.EF6.dll.0.drString found in binary or memory: https://www.sqlite.org/lang_corefunc.html
            Source: unknownNetwork traffic detected: HTTP traffic on port 63794 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 63795 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 63797 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 63798 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63795
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63794
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63797
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63798
            Source: unknownHTTPS traffic detected: 172.65.251.78:443 -> 192.168.2.7:49746 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.7:63794 version: TLS 1.2
            Source: iTVsz8WAu4.exeStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
            Source: System.Text.Encodings.Web.dll.0.drStatic PE information: No import functions for PE file found
            Source: System.Text.Encoding.CodePages.dll.0.drStatic PE information: No import functions for PE file found
            Source: System.IO.Compression.Brotli.dll.0.drStatic PE information: No import functions for PE file found
            Source: System.Net.Http.Json.dll.0.drStatic PE information: No import functions for PE file found
            Source: System.Net.Http.dll.0.drStatic PE information: No import functions for PE file found
            Source: System.Diagnostics.TraceSource.dll.0.drStatic PE information: No import functions for PE file found
            Source: System.IO.Pipes.dll.0.drStatic PE information: No import functions for PE file found
            Source: System.Threading.dll.0.drStatic PE information: No import functions for PE file found
            Source: System.Diagnostics.TextWriterTraceListener.dll.0.drStatic PE information: No import functions for PE file found
            Source: System.IO.FileSystem.AccessControl.dll.0.drStatic PE information: No import functions for PE file found
            Source: System.Text.Json.dll.0.drStatic PE information: No import functions for PE file found
            Source: System.IO.MemoryMappedFiles.dll.0.drStatic PE information: No import functions for PE file found
            Source: System.Xml.XPath.XDocument.dll.0.drStatic PE information: No import functions for PE file found
            Source: System.Formats.Asn1.dll.0.drStatic PE information: No import functions for PE file found
            Source: System.Drawing.Primitives.dll.0.drStatic PE information: No import functions for PE file found
            Source: System.Threading.Tasks.Dataflow.dll.0.drStatic PE information: No import functions for PE file found
            Source: System.Formats.Tar.dll.0.drStatic PE information: No import functions for PE file found
            Source: System.Threading.Channels.dll.0.drStatic PE information: No import functions for PE file found
            Source: System.Threading.Tasks.Parallel.dll.0.drStatic PE information: No import functions for PE file found
            Source: System.Web.HttpUtility.dll.0.drStatic PE information: No import functions for PE file found
            Source: System.IO.FileSystem.Watcher.dll.0.drStatic PE information: No import functions for PE file found
            Source: System.Linq.dll.0.drStatic PE information: No import functions for PE file found
            Source: System.Linq.Expressions.dll.0.drStatic PE information: No import functions for PE file found
            Source: System.IO.IsolatedStorage.dll.0.drStatic PE information: No import functions for PE file found
            Source: System.Linq.Parallel.dll.0.drStatic PE information: No import functions for PE file found
            Source: System.Linq.Queryable.dll.0.drStatic PE information: No import functions for PE file found
            Source: System.Memory.dll.0.drStatic PE information: No import functions for PE file found
            Source: System.IO.Compression.ZipFile.dll.0.drStatic PE information: No import functions for PE file found
            Source: System.IO.Compression.dll.0.drStatic PE information: No import functions for PE file found
            Source: System.Transactions.Local.dll.0.drStatic PE information: No import functions for PE file found
            Source: System.IO.FileSystem.DriveInfo.dll.0.drStatic PE information: No import functions for PE file found
            Source: System.Text.RegularExpressions.dll.0.drStatic PE information: No import functions for PE file found
            Source: iTVsz8WAu4.exe, 00000000.00000000.1263445254.00007FF6E3238000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamemscordaccore.dll@ vs iTVsz8WAu4.exe
            Source: iTVsz8WAu4.exe, 00000000.00000000.1263445254.00007FF6E3238000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameoke.dll@ vs iTVsz8WAu4.exe
            Source: iTVsz8WAu4.exeBinary or memory string: OriginalFilenamemscordaccore.dll@ vs iTVsz8WAu4.exe
            Source: iTVsz8WAu4.exeBinary or memory string: OriginalFilenameoke.dll@ vs iTVsz8WAu4.exe
            Source: System.Data.SQLite.dll.0.drStatic PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
            Source: classification engineClassification label: mal80.troj.spyw.winEXE@16/366@3/4
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\Public\Documents\638724354911540009Jump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeMutant created: NULL
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user~1\AppData\Local\Temp\.netJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: iTVsz8WAu4.exeReversingLabs: Detection: 13%
            Source: iTVsz8WAu4.exeVirustotal: Detection: 20%
            Source: iTVsz8WAu4.exeString found in binary or memory: overflow:hidden;img src="http://addEventListenerresponsible for s.js"></script>
            Source: iTVsz8WAu4.exeString found in binary or memory: Morph - Structs/AddrExp
            Source: iTVsz8WAu4.exeString found in binary or memory: @0x%x with loopPre-importprejittail.call and not BBINSTRExpand patchpointsPost-importImportationIndirect call transformProfile incorporationMorph - InitProfile instrumentation prepProfile instrumentationAllocate ObjectsRemove empty tryMorph - InliningMorph - Add internal blocksClone finallyUpdate finally target flagsRemove empty finallyMerge callfinally chainsEarly livenessPhysical promotionUpdate flow graph early passMorph - Structs/AddrExpMorph - ByRefsMorph - Promote StructsForward SubstitutionIdentify candidates for implicit byref copy omissionGS CookieCompute edge weights (1, false)Morph - GlobalMorph - FinishMerge throw blocksInvert loopsCreate EH funcletsTail mergeOptimize layoutCompute blocks reachabilityPost-morph tail mergeOptimize control flowFind loopsClone loopsSet block weightsRedundant zero InitsMorph array opsHoist loop codeUnroll loopsClear loop infoFind oper orderSet block orderMark local varsOptimize boolsSSA: Doms1SSA: livenessBuild SSA representationSSA: topological sortSSA: renameEarly Value PropagationSSA: DFSSA: insert phisOptimize Valnum CSEsVN based copy propDo value numberingOptimize index checksAssertion propIf conversionVN based intrinsic expansionRedundant branch optsCompute edge weights (2, false)Stress gtSplitTreeVN-based dead store removalUpdate flow graph opt passExpand TLS accessInsert GC PollsExpand runtime lookupsExpand static initDo 'simple' loweringLocal var livenessDetermine first cold blockRationalize IRGlobal local var livenessLowering decompositionLocal var liveness initPer block local var livenessLinear scan register allocLSRA build intervalsLowering nodeinfoCalculate stack level slotsPlace 'align' instructionsGenerate codeLSRA allocateLSRA resolvePost-EmitEmit codeEmit GC+EH tablesProcessor does not have a high-frequency timer.
            Source: iTVsz8WAu4.exeString found in binary or memory: GC initialization failed with error 0x%08XVirtualAlloc2kernelbase.dllMapViewOfFile3bad array new lengthstring too longUsing internal fxrApplication root path is empty. This shouldn't happenUsing internal hostpolicy--depsfilePath containing probing policy and assemblies to probe for.<path>--additionalprobingpath--fx-versionPath to <application>.runtimeconfig.json file.--runtimeconfigPath to <application>.deps.json file.<value>--roll-forwardVersion of the installed Shared Framework to use to run the application.<version>--roll-forward-on-no-candidate-fxPath to additional deps.json file.--additional-depsRoll forward to framework version (LatestPatch, Minor, LatestMinor, Major, LatestMajor, Disable)Parsed known arg %s = %ssdk<obsolete><n>Application '%s' is not a managed executable.Using the provided arguments to determine the application to execute. %s %-*s %sFailed to parse supported options or their values:--- Executing in split/FX mode...The application to execute does not exist: '%s'dotnet exec needs a managed .dll or .exe extension. The application specified was '%s'Application '%s' does not exist.staticexec--- Executing in muxer mode...--- Executing in a native executable mode...
            Source: iTVsz8WAu4.exeString found in binary or memory: %s --list-runtimes Display the installed runtimeshost-options: The path to an application .dll file to execute.path-to-application: --info Display .NET information. -h|--help Displays this help.Common Options: --list-sdks Display the installed SDKsinvalid hash bucket countunordered_map/set too longinvalid string positionvector too longInvalid startup info: host_path, dotnet_root, and app_path should not be null.A fatal error occurred while processing application bundlehostfxr_main_bundle_startupinfo--- Invoked %s [version: %s]hostfxr_main_startupinfoget-native-search-directories--list-runtimes--list-sdksUsing dotnet root path [%s]/?-?--help-hdotnet.dll The command could not be loaded, possibly because:
            Source: iTVsz8WAu4.exeString found in binary or memory: %s --list-runtimes Display the installed runtimeshost-options: The path to an application .dll file to execute.path-to-application: --info Display .NET information. -h|--help Displays this help.Common Options: --list-sdks Display the installed SDKsinvalid hash bucket countunordered_map/set too longinvalid string positionvector too longInvalid startup info: host_path, dotnet_root, and app_path should not be null.A fatal error occurred while processing application bundlehostfxr_main_bundle_startupinfo--- Invoked %s [version: %s]hostfxr_main_startupinfoget-native-search-directories--list-runtimes--list-sdksUsing dotnet root path [%s]/?-?--help-hdotnet.dll The command could not be loaded, possibly because:
            Source: iTVsz8WAu4.exeString found in binary or memory: https://aka.ms/dotnet/app-launch-failed
            Source: unknownProcess created: C:\Users\user\Desktop\iTVsz8WAu4.exe "C:\Users\user\Desktop\iTVsz8WAu4.exe"
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9447 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1580 --field-trial-handle=1440,i,10015738160290099957,7113324669390764060,262144 --disable-features=PaintHolding /prefetch:8
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\Documents\Your_Benefits_and_Role.docx" /o ""
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9351 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1616 --field-trial-handle=1388,i,4130655194958272228,13477878399729712916,262144 --disable-features=PaintHolding /prefetch:3
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9447 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000Jump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\Documents\Your_Benefits_and_Role.docx" /o ""Jump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9351 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000Jump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1580 --field-trial-handle=1440,i,10015738160290099957,7113324669390764060,262144 --disable-features=PaintHolding /prefetch:8Jump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess created: unknown unknownJump to behavior
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1616 --field-trial-handle=1388,i,4130655194958272228,13477878399729712916,262144 --disable-features=PaintHolding /prefetch:3Jump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: icu.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: dhcpcsvc6.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: dhcpcsvc.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: wshunix.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: devobj.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: schannel.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: mskeyprotect.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: ncryptsslp.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: edputil.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: windows.staterepositoryps.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: policymanager.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: msvcp110_win.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: vcruntime140_1.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: vcruntime140.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: msvcp140.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: vcruntime140.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: mlang.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: appresolver.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: bcp47langs.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: slc.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: sppc.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: onecorecommonproxystub.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeSection loaded: mscoree.dllJump to behavior
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
            Source: iTVsz8WAu4.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
            Source: iTVsz8WAu4.exeStatic PE information: Image base 0x140000000 > 0x60000000
            Source: iTVsz8WAu4.exeStatic file information: File size 43526138 > 1048576
            Source: iTVsz8WAu4.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x61a800
            Source: iTVsz8WAu4.exeStatic PE information: Raw size of .rdata is bigger than: 0x100000 < 0x17c600
            Source: iTVsz8WAu4.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x150a00
            Source: iTVsz8WAu4.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
            Source: iTVsz8WAu4.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
            Source: iTVsz8WAu4.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
            Source: iTVsz8WAu4.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: iTVsz8WAu4.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
            Source: iTVsz8WAu4.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
            Source: iTVsz8WAu4.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
            Source: iTVsz8WAu4.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XmlSerializer\Release\net8.0\System.Xml.XmlSerializer.pdbSHA256{2 source: System.Xml.XmlSerializer.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Thread\Release\net8.0\System.Threading.Thread.pdb source: System.Threading.Thread.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Csp/Release/net8.0-windows/System.Security.Cryptography.Csp.pdbSHA256 source: System.Security.Cryptography.Csp.dll.0.dr
            Source: Binary string: System.Net.Sockets.ni.pdb source: System.Net.Sockets.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.ProtectedData/Release/net8.0/System.Security.Cryptography.ProtectedData.pdb source: System.Security.Cryptography.ProtectedData.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Runtime.Handles/Release/net8.0-windows/System.Runtime.Handles.pdbSHA256 source: System.Runtime.Handles.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XmlSerializer\Release\net8.0\System.Xml.XmlSerializer.pdb source: System.Xml.XmlSerializer.dll.0.dr
            Source: Binary string: E:\A\_work\410\s\bin\obj\Windows_NT.x64.Release\Native\sni\Release\sni.pdb@@@GCTL source: sni.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Metadata\Release\net8.0\System.Reflection.Metadata.pdb source: System.Reflection.Metadata.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Emit.Lightweight\Release\net8.0\System.Reflection.Emit.Lightweight.pdb source: System.Reflection.Emit.Lightweight.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Security.Permissions/netcoreapp3.0-Release/System.Security.Permissions.pdbSHA256 source: System.Security.Permissions.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Csp/Release/net8.0-windows/System.Security.Cryptography.Csp.pdb source: System.Security.Cryptography.Csp.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Runtime.Handles/Release/net8.0-windows/System.Runtime.Handles.pdb source: System.Runtime.Handles.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.DiagnosticSource\Release\net8.0\System.Diagnostics.DiagnosticSource.pdbSHA256P?> source: System.Diagnostics.DiagnosticSource.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Security.Cryptography\Release\net8.0-windows\System.Security.Cryptography.pdb source: System.Security.Cryptography.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.VisualC\Release\net8.0\System.Runtime.CompilerServices.VisualC.pdb source: System.Runtime.CompilerServices.VisualC.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XDocument\Release\net8.0\System.Xml.XDocument.pdbSHA256 source: System.Xml.XDocument.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Serialization.Json\Release\net8.0\System.Runtime.Serialization.Json.pdb source: System.Runtime.Serialization.Json.dll0.0.dr
            Source: Binary string: System.Net.Security.ni.pdb source: System.Net.Security.dll.0.dr
            Source: Binary string: System.ObjectModel.ni.pdb source: System.ObjectModel.dll.0.dr
            Source: Binary string: System.IO.MemoryMappedFiles.ni.pdb source: System.IO.MemoryMappedFiles.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Web/Release/net8.0-windows/System.Web.pdb source: System.Web.dll0.0.dr
            Source: Binary string: System.Private.Xml.Linq.ni.pdb source: System.Private.Xml.Linq.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.VisualC\Release\net8.0\System.Runtime.CompilerServices.VisualC.pdbSHA256= source: System.Runtime.CompilerServices.VisualC.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/ref/System.Configuration.ConfigurationManager/netstandard-Release/System.Configuration.ConfigurationManager.pdbSHA256; source: System.Configuration.ConfigurationManager.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.CodeDom/Release/net8.0/System.CodeDom.pdb source: System.CodeDom.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Loader\Release\net8.0\System.Runtime.Loader.pdb source: System.Runtime.Loader.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Private.Uri\Release\net8.0\System.Private.Uri.pdb source: System.Private.Uri.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Security.SecureString/Release/net8.0-windows/System.Security.SecureString.pdb source: System.Security.SecureString.dll0.0.dr, System.Security.SecureString.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.WebProxy\Release\net8.0\System.Net.WebProxy.pdbSHA256<q source: System.Net.WebProxy.dll.0.dr
            Source: Binary string: C:\dev\sqlite\dotnet-private\System.Data.SQLite.Linq\obj\Release\netstandard2.1\System.Data.SQLite.EF6.pdbSHA256 source: System.Data.SQLite.EF6.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Dynamic.Runtime/Release/net8.0-windows/System.Dynamic.Runtime.pdb source: System.Dynamic.Runtime.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Numerics/Release/net8.0-windows/System.Numerics.pdbSHA256<t source: System.Numerics.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Drawing.Common/netcoreapp3.0-Windows_NT-Release/System.Drawing.Common.pdb source: System.Drawing.Common.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Runtime.CompilerServices.Unsafe/Release/net8.0-windows/System.Runtime.CompilerServices.Unsafe.pdb source: System.Runtime.CompilerServices.Unsafe.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Reflection.Extensions/Release/net8.0-windows/System.Reflection.Extensions.pdb source: System.Reflection.Extensions.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading\Release\net8.0\System.Threading.pdb source: System.Threading.dll.0.dr
            Source: Binary string: System.Reflection.TypeExtensions.ni.pdb source: System.Reflection.TypeExtensions.dll.0.dr
            Source: Binary string: System.Net.Mail.ni.pdb source: System.Net.Mail.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Diagnostics.Tools/Release/net8.0-windows/System.Diagnostics.Tools.pdbSHA256 source: System.Diagnostics.Tools.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Resources.Reader/Release/net8.0-windows/System.Resources.Reader.pdb source: System.Resources.Reader.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.IO.FileSystem.Primitives/Release/net8.0-windows/System.IO.FileSystem.Primitives.pdbSHA2563 source: System.IO.FileSystem.Primitives.dll.0.dr
            Source: Binary string: /_/artifacts/obj/Microsoft.Win32.SystemEvents/netcoreapp3.0-Windows_NT-Release/Microsoft.Win32.SystemEvents.pdb source: Microsoft.Win32.SystemEvents.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Runtime.InteropServices.RuntimeInformation/Release/net8.0-windows/System.Runtime.InteropServices.RuntimeInformation.pdbSHA256 source: System.Runtime.InteropServices.RuntimeInformation.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Linq.Parallel\Release\net8.0\System.Linq.Parallel.pdb source: System.Linq.Parallel.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Windows.Extensions/netcoreapp3.0-Windows_NT-Release/System.Windows.Extensions.pdb source: System.Windows.Extensions.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.TextWriterTraceListener\Release\net8.0\System.Diagnostics.TextWriterTraceListener.pdb source: System.Diagnostics.TextWriterTraceListener.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.IO.UnmanagedMemoryStream/Release/net8.0-windows/System.IO.UnmanagedMemoryStream.pdb source: System.IO.UnmanagedMemoryStream.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Buffers/Release/net8.0-windows/System.Buffers.pdbSHA256v source: System.Buffers.dll.0.dr, System.Buffers.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.ServicePoint\Release\net8.0\System.Net.ServicePoint.pdbSHA256 source: System.Net.ServicePoint.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Runtime.Serialization/Release/net8.0-windows/System.Runtime.Serialization.pdb source: System.Runtime.Serialization.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Emit.Lightweight\Release\net8.0\System.Reflection.Emit.Lightweight.pdbSHA256 source: System.Reflection.Emit.Lightweight.dll.0.dr
            Source: Binary string: System.Threading.ni.pdb source: System.Threading.dll.0.dr
            Source: Binary string: System.Threading.Tasks.Parallel.ni.pdb source: System.Threading.Tasks.Parallel.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Net/Release/net8.0-windows/System.Net.pdb source: System.Net.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Requests\Release\net8.0-windows\System.Net.Requests.pdb source: System.Net.Requests.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.InteropServices\Release\net8.0\System.Runtime.InteropServices.pdb source: System.Runtime.InteropServices.dll0.0.dr
            Source: Binary string: System.Net.ServicePoint.ni.pdb source: System.Net.ServicePoint.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.IO.Compression.FileSystem/Release/net8.0-windows/System.IO.Compression.FileSystem.pdbSHA256a{ source: System.IO.Compression.FileSystem.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.ValueTuple/Release/net8.0-windows/System.ValueTuple.pdb source: System.ValueTuple.dll.0.dr, System.ValueTuple.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Xml/Release/net8.0-windows/System.Xml.pdbSHA256 source: System.Xml.dll0.0.dr
            Source: Binary string: System.Net.NetworkInformation.ni.pdb source: System.Net.NetworkInformation.dll.0.dr
            Source: Binary string: System.ComponentModel.Annotations.ni.pdb source: System.ComponentModel.Annotations.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Mail\Release\net8.0-windows\System.Net.Mail.pdb source: System.Net.Mail.dll.0.dr
            Source: Binary string: C:\dev\sqlite\dotnet-private\System.Data.SQLite.Linq\obj\Release\netstandard2.1\System.Data.SQLite.EF6.pdb source: System.Data.SQLite.EF6.dll.0.dr
            Source: Binary string: System.Net.WebProxy.ni.pdb source: System.Net.WebProxy.dll.0.dr
            Source: Binary string: /_/artifacts/obj/ref/System.Security.Permissions/netcoreapp3.0-Release/System.Security.Permissions.pdb source: System.Security.Permissions.dll0.0.dr
            Source: Binary string: System.Linq.Parallel.ni.pdb source: System.Linq.Parallel.dll.0.dr
            Source: Binary string: System.ComponentModel.Primitives.ni.pdb source: System.ComponentModel.Primitives.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/WindowsBase/Release/net8.0-windows/WindowsBase.pdb source: WindowsBase.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.NetworkInformation\Release\net8.0-windows\System.Net.NetworkInformation.pdb source: System.Net.NetworkInformation.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Resources.ResourceManager/Release/net8.0-windows/System.Resources.ResourceManager.pdb source: System.Resources.ResourceManager.dll0.0.dr, System.Resources.ResourceManager.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Collections\Release\net8.0\System.Collections.pdb source: System.Collections.dll0.0.dr
            Source: Binary string: System.IO.Compression.ZipFile.ni.pdb source: System.IO.Compression.ZipFile.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Configuration/Release/net8.0-windows/System.Configuration.pdb source: System.Configuration.dll.0.dr, System.Configuration.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Security\Release\net8.0-windows\System.Net.Security.pdbSHA256 source: System.Net.Security.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.Pipes.AccessControl\Release\net8.0-windows\System.IO.Pipes.AccessControl.pdbSHA256 source: System.IO.Pipes.AccessControl.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Requests\Release\net8.0-windows\System.Net.Requests.pdbSHA256sO source: System.Net.Requests.dll.0.dr
            Source: Binary string: /_/artifacts/obj/ref/System.Windows.Extensions/netcoreapp3.0-Release/System.Windows.Extensions.pdb source: System.Windows.Extensions.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Overlapped\Release\net8.0\System.Threading.Overlapped.pdb source: System.Threading.Overlapped.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Core/Release/net8.0-windows/System.Core.pdb source: System.Core.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Security\Release\net8.0-windows\System.Net.Security.pdb source: System.Net.Security.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Windows.Extensions/netcoreapp3.0-Windows_NT-Release/System.Windows.Extensions.pdbSHA256 source: System.Windows.Extensions.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.WebProxy\Release\net8.0\System.Net.WebProxy.pdb source: System.Net.WebProxy.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.MemoryMappedFiles\Release\net8.0-windows\System.IO.MemoryMappedFiles.pdb source: System.IO.MemoryMappedFiles.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Transactions/Release/net8.0-windows/System.Transactions.pdb source: System.Transactions.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.WebSockets.Client\Release\net8.0\System.Net.WebSockets.Client.pdb source: System.Net.WebSockets.Client.dll.0.dr
            Source: Binary string: /_/artifacts/obj/EntityFramework.SqlServer/Release/netstandard2.1/EntityFramework.SqlServer.pdbSHA256s source: EntityFramework.SqlServer.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.Compression.Brotli\Release\net8.0-windows\System.IO.Compression.Brotli.pdb source: System.IO.Compression.Brotli.dll.0.dr
            Source: Binary string: System.Runtime.InteropServices.ni.pdb source: System.Runtime.InteropServices.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Encoding/Release/net8.0-windows/System.Security.Cryptography.Encoding.pdb source: System.Security.Cryptography.Encoding.dll.0.dr
            Source: Binary string: System.Net.WebSockets.ni.pdb source: System.Net.WebSockets.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.FileSystem.Watcher\Release\net8.0-windows\System.IO.FileSystem.Watcher.pdb source: System.IO.FileSystem.Watcher.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.IO.FileSystem/Release/net8.0-windows/System.IO.FileSystem.pdb source: System.IO.FileSystem.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Private.Xml.Linq\Release\net8.0\System.Private.Xml.Linq.pdbSHA256 source: System.Private.Xml.Linq.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Sockets\Release\net8.0-windows\System.Net.Sockets.pdb source: System.Net.Sockets.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Dynamic.Runtime/Release/net8.0-windows/System.Dynamic.Runtime.pdbSHA256 source: System.Dynamic.Runtime.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Intrinsics\Release\net8.0\System.Runtime.Intrinsics.pdb source: System.Runtime.Intrinsics.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Primitives\Release\net8.0\System.Reflection.Primitives.pdbSHA256 source: System.Reflection.Primitives.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Net/Release/net8.0-windows/System.Net.pdbSHA256 source: System.Net.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Private.Xml.Linq\Release\net8.0\System.Private.Xml.Linq.pdb source: System.Private.Xml.Linq.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Resources.ResourceManager/Release/net8.0-windows/System.Resources.ResourceManager.pdbSHA256: source: System.Resources.ResourceManager.dll0.0.dr, System.Resources.ResourceManager.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Core/Release/net8.0-windows/System.Core.pdbSHA256 source: System.Core.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Security.Permissions/netcoreapp3.0-Release/System.Security.Permissions.pdb source: System.Security.Permissions.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Drawing/Release/net8.0-windows/System.Drawing.pdbSHA256k source: System.Drawing.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.IO.UnmanagedMemoryStream/Release/net8.0-windows/System.IO.UnmanagedMemoryStream.pdbSHA256 source: System.IO.UnmanagedMemoryStream.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.ServicePoint\Release\net8.0\System.Net.ServicePoint.pdb source: System.Net.ServicePoint.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Security.Principal.Windows\Release\net8.0-windows\System.Security.Principal.Windows.pdb source: System.Security.Principal.Windows.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Transactions/Release/net8.0-windows/System.Transactions.pdbSHA256 source: System.Transactions.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Runtime.CompilerServices.Unsafe/Release/net8.0-windows/System.Runtime.CompilerServices.Unsafe.pdbSHA256 source: System.Runtime.CompilerServices.Unsafe.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.ReaderWriter\Release\net8.0\System.Xml.ReaderWriter.pdbSHA256I source: System.Xml.ReaderWriter.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.Tracing\Release\net8.0\System.Diagnostics.Tracing.pdbSHA256~\{^ source: System.Diagnostics.Tracing.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.Pipes.AccessControl\Release\net8.0-windows\System.IO.Pipes.AccessControl.pdb source: System.IO.Pipes.AccessControl.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Json\Release\net8.0\System.Text.Json.pdb source: System.Text.Json.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Runtime.InteropServices.RuntimeInformation/Release/net8.0-windows/System.Runtime.InteropServices.RuntimeInformation.pdb source: System.Runtime.InteropServices.RuntimeInformation.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.Compression.ZipFile\Release\net8.0-windows\System.IO.Compression.ZipFile.pdb source: System.IO.Compression.ZipFile.dll.0.dr
            Source: Binary string: Microsoft.Win32.Registry.ni.pdb source: Microsoft.Win32.Registry.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.TypeExtensions\Release\net8.0\System.Reflection.TypeExtensions.pdb source: System.Reflection.TypeExtensions.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Intrinsics\Release\net8.0\System.Runtime.Intrinsics.pdbSHA256 source: System.Runtime.Intrinsics.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System/Release/net8.0-windows/System.pdbSHA2568^ source: System.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.X509Certificates/Release/net8.0-windows/System.Security.Cryptography.X509Certificates.pdb source: System.Security.Cryptography.X509Certificates.dll0.0.dr
            Source: Binary string: System.Security.Principal.Windows.ni.pdb source: System.Security.Principal.Windows.dll0.0.dr
            Source: Binary string: System.Reflection.Metadata.ni.pdb source: System.Reflection.Metadata.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.IO.Compression.FileSystem/Release/net8.0-windows/System.IO.Compression.FileSystem.pdb source: System.IO.Compression.FileSystem.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Overlapped\Release\net8.0\System.Threading.Overlapped.pdbSHA256t source: System.Threading.Overlapped.dll.0.dr
            Source: Binary string: /_/artifacts/obj/EntityFramework.SqlServer/Release/netstandard2.1/EntityFramework.SqlServer.pdb source: EntityFramework.SqlServer.dll.0.dr
            Source: Binary string: System.IO.Compression.Brotli.ni.pdb source: System.IO.Compression.Brotli.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Reflection.Extensions/Release/net8.0-windows/System.Reflection.Extensions.pdbSHA256> source: System.Reflection.Extensions.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.NameResolution\Release\net8.0-windows\System.Net.NameResolution.pdb source: System.Net.NameResolution.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Primitives/Release/net8.0-windows/System.Security.Cryptography.Primitives.pdbSHA256 source: System.Security.Cryptography.Primitives.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XDocument\Release\net8.0\System.Xml.XDocument.pdb source: System.Xml.XDocument.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Xml.XmlDocument/Release/net8.0-windows/System.Xml.XmlDocument.pdbSHA256 source: System.Xml.XmlDocument.dll.0.dr
            Source: Binary string: /_/artifacts/obj/ref/System.Windows.Extensions/netcoreapp3.0-Release/System.Windows.Extensions.pdbSHA256y3q source: System.Windows.Extensions.dll0.0.dr
            Source: Binary string: System.Text.Json.ni.pdb source: System.Text.Json.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.Tracing\Release\net8.0\System.Diagnostics.Tracing.pdb source: System.Diagnostics.Tracing.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.ProtectedData/Release/net8.0/System.Security.Cryptography.ProtectedData.pdbSHA256 source: System.Security.Cryptography.ProtectedData.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.ValueTuple/Release/net8.0-windows/System.ValueTuple.pdbSHA256[ source: System.ValueTuple.dll.0.dr, System.ValueTuple.dll0.0.dr
            Source: Binary string: System.Diagnostics.TextWriterTraceListener.ni.pdb source: System.Diagnostics.TextWriterTraceListener.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Diagnostics.Tools/Release/net8.0-windows/System.Diagnostics.Tools.pdb source: System.Diagnostics.Tools.dll.0.dr
            Source: Binary string: System.Collections.ni.pdb source: System.Collections.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Reflection/Release/net8.0-windows/System.Reflection.pdbSHA256r source: System.Reflection.dll0.0.dr, System.Reflection.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Threading.Tasks.Extensions/Release/net8.0-windows/System.Threading.Tasks.Extensions.pdb source: System.Threading.Tasks.Extensions.dll0.0.dr, System.Threading.Tasks.Extensions.dll.0.dr
            Source: Binary string: System.Net.WebSockets.Client.ni.pdb source: System.Net.WebSockets.Client.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Xml/Release/net8.0-windows/System.Xml.pdb source: System.Xml.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.ComponentModel.TypeConverter\Release\net8.0\System.ComponentModel.TypeConverter.pdbSHA256 source: System.ComponentModel.TypeConverter.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.ReaderWriter\Release\net8.0\System.Xml.ReaderWriter.pdb source: System.Xml.ReaderWriter.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Tasks.Parallel\Release\net8.0\System.Threading.Tasks.Parallel.pdbSHA256 source: System.Threading.Tasks.Parallel.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Emit.ILGeneration\Release\net8.0\System.Reflection.Emit.ILGeneration.pdb source: System.Reflection.Emit.ILGeneration.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Threading.Tasks/Release/net8.0-windows/System.Threading.Tasks.pdbSHA256 source: System.Threading.Tasks.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.CodeDom/Release/net8.0/System.CodeDom.pdbSHA256 source: System.CodeDom.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.ComponentModel.Annotations\Release\net8.0\System.ComponentModel.Annotations.pdb source: System.ComponentModel.Annotations.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.CSharp\Release\net8.0-windows\Microsoft.CSharp.pdb source: Microsoft.CSharp.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.WebSockets\Release\net8.0-windows\System.Net.WebSockets.pdb source: System.Net.WebSockets.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Thread\Release\net8.0\System.Threading.Thread.pdbSHA256 source: System.Threading.Thread.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Drawing/Release/net8.0-windows/System.Drawing.pdb source: System.Drawing.dll0.0.dr
            Source: Binary string: System.Security.Claims.ni.pdb source: System.Security.Claims.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.X509Certificates/Release/net8.0-windows/System.Security.Cryptography.X509Certificates.pdbSHA256 source: System.Security.Cryptography.X509Certificates.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.ObjectModel\Release\net8.0\System.ObjectModel.pdb source: System.ObjectModel.dll.0.dr
            Source: Binary string: /_/artifacts/obj/ref/System.Configuration.ConfigurationManager/netstandard-Release/System.Configuration.ConfigurationManager.pdb source: System.Configuration.ConfigurationManager.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.TraceSource\Release\net8.0\System.Diagnostics.TraceSource.pdb source: System.Diagnostics.TraceSource.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Globalization/Release/net8.0-windows/System.Globalization.pdbSHA256 source: System.Globalization.dll.0.dr, System.Globalization.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Data.DataSetExtensions/Release/net8.0-windows/System.Data.DataSetExtensions.pdbSHA256X source: System.Data.DataSetExtensions.dll0.0.dr, System.Data.DataSetExtensions.dll.0.dr
            Source: Binary string: /_/artifacts/obj/netstandard/Release/net8.0-windows/netstandard.pdb source: netstandard.dll.0.dr, netstandard.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Serialization.Json\Release\net8.0\System.Runtime.Serialization.Json.pdbSHA256 source: System.Runtime.Serialization.Json.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System/Release/net8.0-windows/System.pdb source: System.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.MemoryMappedFiles\Release\net8.0-windows\System.IO.MemoryMappedFiles.pdbSHA2562R4c source: System.IO.MemoryMappedFiles.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Loader\Release\net8.0\System.Runtime.Loader.pdbSHA256i source: System.Runtime.Loader.dll0.0.dr
            Source: Binary string: System.Net.NameResolution.ni.pdb source: System.Net.NameResolution.dll.0.dr
            Source: Binary string: /_/artifacts/obj/netstandard/Release/net8.0-windows/netstandard.pdbSHA256%# source: netstandard.dll.0.dr, netstandard.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.ComponentModel.TypeConverter\Release\net8.0\System.ComponentModel.TypeConverter.pdb source: System.ComponentModel.TypeConverter.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Data.DataSetExtensions/Release/net8.0-windows/System.Data.DataSetExtensions.pdb source: System.Data.DataSetExtensions.dll0.0.dr, System.Data.DataSetExtensions.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Security.Claims\Release\net8.0\System.Security.Claims.pdb source: System.Security.Claims.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Reflection/Release/net8.0-windows/System.Reflection.pdb source: System.Reflection.dll0.0.dr, System.Reflection.dll.0.dr
            Source: Binary string: System.Diagnostics.DiagnosticSource.ni.pdb source: System.Diagnostics.DiagnosticSource.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Xml.Serialization/Release/net8.0-windows/System.Xml.Serialization.pdb source: System.Xml.Serialization.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Numerics/Release/net8.0-windows/System.Numerics.pdb source: System.Numerics.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.AppContext/Release/net8.0-windows/System.AppContext.pdbSHA256 source: System.AppContext.dll0.0.dr, System.AppContext.dll.0.dr
            Source: Binary string: E:\A\_work\410\s\bin\obj\Windows_NT.x64.Release\Native\sni\Release\sni.pdb source: sni.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Algorithms/Release/net8.0-windows/System.Security.Cryptography.Algorithms.pdbSHA256 source: System.Security.Cryptography.Algorithms.dll.0.dr, System.Security.Cryptography.Algorithms.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Tasks.Parallel\Release\net8.0\System.Threading.Tasks.Parallel.pdb source: System.Threading.Tasks.Parallel.dll.0.dr
            Source: Binary string: System.Text.Encodings.Web.ni.pdb source: System.Text.Encodings.Web.dll.0.dr
            Source: Binary string: Microsoft.CSharp.ni.pdb source: Microsoft.CSharp.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Web/Release/net8.0-windows/System.Web.pdbSHA2567S source: System.Web.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.Compression\Release\net8.0-windows\System.IO.Compression.pdb source: System.IO.Compression.dll.0.dr
            Source: Binary string: System.Diagnostics.TraceSource.ni.pdb source: System.Diagnostics.TraceSource.dll.0.dr
            Source: Binary string: System.Private.Uri.ni.pdb source: System.Private.Uri.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.IO.FileSystem/Release/net8.0-windows/System.IO.FileSystem.pdbSHA256 source: System.IO.FileSystem.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Globalization/Release/net8.0-windows/System.Globalization.pdb source: System.Globalization.dll.0.dr, System.Globalization.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.IO.FileSystem.Primitives/Release/net8.0-windows/System.IO.FileSystem.Primitives.pdb source: System.IO.FileSystem.Primitives.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Xml.Serialization/Release/net8.0-windows/System.Xml.Serialization.pdbSHA256n source: System.Xml.Serialization.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\dlls\mscordac\mscordaccore.pdb source: iTVsz8WAu4.exe
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.Win32.Registry\Release\net8.0-windows\Microsoft.Win32.Registry.pdb source: Microsoft.Win32.Registry.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.DiagnosticSource\Release\net8.0\System.Diagnostics.DiagnosticSource.pdb source: System.Diagnostics.DiagnosticSource.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Threading.Tasks/Release/net8.0-windows/System.Threading.Tasks.pdb source: System.Threading.Tasks.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Primitives\Release\net8.0\System.Reflection.Primitives.pdb source: System.Reflection.Primitives.dll.0.dr
            Source: Binary string: System.Runtime.CompilerServices.VisualC.ni.pdb source: System.Runtime.CompilerServices.VisualC.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Algorithms/Release/net8.0-windows/System.Security.Cryptography.Algorithms.pdb source: System.Security.Cryptography.Algorithms.dll.0.dr, System.Security.Cryptography.Algorithms.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Encoding.Extensions\Release\net8.0\System.Text.Encoding.Extensions.pdbSHA2560 source: System.Text.Encoding.Extensions.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Encoding.CodePages\Release\net8.0-windows\System.Text.Encoding.CodePages.pdb source: System.Text.Encoding.CodePages.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Primitives/Release/net8.0-windows/System.Security.Cryptography.Primitives.pdb source: System.Security.Cryptography.Primitives.dll.0.dr
            Source: Binary string: System.IO.Compression.ni.pdb source: System.IO.Compression.dll.0.dr
            Source: Binary string: System.Security.Cryptography.ni.pdb source: System.Security.Cryptography.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Security.SecureString/Release/net8.0-windows/System.Security.SecureString.pdbSHA256NX source: System.Security.SecureString.dll0.0.dr, System.Security.SecureString.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.AppContext/Release/net8.0-windows/System.AppContext.pdb source: System.AppContext.dll0.0.dr, System.AppContext.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Serialization.Xml\Release\net8.0\System.Runtime.Serialization.Xml.pdb source: System.Runtime.Serialization.Xml.dll0.0.dr
            Source: Binary string: System.ComponentModel.TypeConverter.ni.pdb source: System.ComponentModel.TypeConverter.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/WindowsBase/Release/net8.0-windows/WindowsBase.pdbSHA256 source: WindowsBase.dll0.0.dr
            Source: Binary string: System.Net.Requests.ni.pdb source: System.Net.Requests.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Encoding/Release/net8.0-windows/System.Security.Cryptography.Encoding.pdbSHA256#5 source: System.Security.Cryptography.Encoding.dll.0.dr
            Source: Binary string: /_/artifacts/obj/ref/System.Security.Permissions/netcoreapp3.0-Release/System.Security.Permissions.pdbSHA256 source: System.Security.Permissions.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Drawing.Common/netcoreapp3.0-Windows_NT-Release/System.Drawing.Common.pdbSHA256 source: System.Drawing.Common.dll.0.dr
            Source: Binary string: System.Text.Encoding.CodePages.ni.pdb source: System.Text.Encoding.CodePages.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\Corehost.Static\singlefilehost.pdb source: iTVsz8WAu4.exe
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Encodings.Web\Release\net8.0\System.Text.Encodings.Web.pdb source: System.Text.Encodings.Web.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Resources.Reader/Release/net8.0-windows/System.Resources.Reader.pdbSHA256[ source: System.Resources.Reader.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Xml.XmlDocument/Release/net8.0-windows/System.Xml.XmlDocument.pdb source: System.Xml.XmlDocument.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Emit.ILGeneration\Release\net8.0\System.Reflection.Emit.ILGeneration.pdbSHA256 source: System.Reflection.Emit.ILGeneration.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.ComponentModel.Primitives\Release\net8.0\System.ComponentModel.Primitives.pdb source: System.ComponentModel.Primitives.dll0.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Serialization.Xml\Release\net8.0\System.Runtime.Serialization.Xml.pdbSHA256 source: System.Runtime.Serialization.Xml.dll0.0.dr
            Source: Binary string: System.IO.FileSystem.Watcher.ni.pdb source: System.IO.FileSystem.Watcher.dll.0.dr
            Source: Binary string: /_/artifacts/obj/Microsoft.Win32.SystemEvents/netcoreapp3.0-Windows_NT-Release/Microsoft.Win32.SystemEvents.pdbSHA256 source: Microsoft.Win32.SystemEvents.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Configuration/Release/net8.0-windows/System.Configuration.pdbSHA256 source: System.Configuration.dll.0.dr, System.Configuration.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Buffers/Release/net8.0-windows/System.Buffers.pdb source: System.Buffers.dll.0.dr, System.Buffers.dll0.0.dr
            Source: Binary string: /_/artifacts/obj/System.Threading.Tasks.Extensions/Release/net8.0-windows/System.Threading.Tasks.Extensions.pdbSHA256% source: System.Threading.Tasks.Extensions.dll0.0.dr, System.Threading.Tasks.Extensions.dll.0.dr
            Source: Binary string: /_/artifacts/obj/System.Runtime.Serialization/Release/net8.0-windows/System.Runtime.Serialization.pdbSHA256 source: System.Runtime.Serialization.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Mail\Release\net8.0-windows\System.Net.Mail.pdbSHA256S source: System.Net.Mail.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Encoding.Extensions\Release\net8.0\System.Text.Encoding.Extensions.pdb source: System.Text.Encoding.Extensions.dll.0.dr
            Source: iTVsz8WAu4.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
            Source: iTVsz8WAu4.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
            Source: iTVsz8WAu4.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
            Source: iTVsz8WAu4.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
            Source: iTVsz8WAu4.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
            Source: Microsoft.CSharp.dll.0.drStatic PE information: 0x944D46DD [Wed Nov 4 08:46:21 2048 UTC]
            Source: iTVsz8WAu4.exeStatic PE information: section name: .CLR_UEF
            Source: iTVsz8WAu4.exeStatic PE information: section name: .didat
            Source: iTVsz8WAu4.exeStatic PE information: section name: Section
            Source: iTVsz8WAu4.exeStatic PE information: section name: _RDATA
            Source: System.Text.Encoding.CodePages.dll.0.drStatic PE information: section name: .text entropy: 7.522718183898096
            Source: System.Text.RegularExpressions.dll.0.drStatic PE information: section name: .text entropy: 6.876591681699572
            Source: System.Linq.Parallel.dll.0.drStatic PE information: section name: .text entropy: 6.816032788074863
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.Http.Json.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.Claims.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.CompilerServices.VisualC.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Drawing.Common.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Claims.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Linq.Expressions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Principal.Windows.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Diagnostics.Process.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.Permissions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Configuration.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.Cryptography.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.Principal.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.UnmanagedMemoryStream.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.Mail.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Console.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.Cryptography.Algorithms.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Xml.ReaderWriter.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.Quic.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.Http.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Text.Encoding.CodePages.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Collections.NonGeneric.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\sni.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Threading.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.Serialization.Formatters.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Diagnostics.TraceSource.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Windows.Extensions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.ServiceProcess.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.TraceSource.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.Intrinsics.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.ValueTuple.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.Mail.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.ComponentModel.Annotations.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.ObjectModel.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\netstandard.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Web.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.MemoryMappedFiles.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.AppContext.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\Microsoft.Win32.Primitives.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Transactions.Local.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Data.DataSetExtensions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\WindowsBase.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.ComponentModel.Primitives.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Linq.Queryable.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.CodeDom.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.ComponentModel.Annotations.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.Http.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Diagnostics.Debug.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Collections.Concurrent.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Memory.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.Compression.FileSystem.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\netstandard.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.Serialization.Json.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Transactions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Formats.Asn1.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.SecureString.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Threading.Channels.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Data.SQLite.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Xml.XDocument.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.ComponentModel.TypeConverter.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.ComponentModel.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\Newtonsoft.Json.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Xml.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Threading.Tasks.Dataflow.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.Compression.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Management.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.Debug.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Web.HttpUtility.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.Contracts.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.WebHeaderCollection.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Formats.Tar.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Management.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.FileSystem.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.Extensions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.Compression.ZipFile.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Threading.Tasks.Parallel.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Principal.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Cryptography.ProtectedData.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\Microsoft.Win32.SystemEvents.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.UnmanagedMemoryStream.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\WindowsBase.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Dynamic.Runtime.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.ServiceModel.Web.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.Requests.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Diagnostics.Tracing.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Reflection.Metadata.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Buffers.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.ServicePoint.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Reflection.Emit.ILGeneration.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Permissions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Web.HttpUtility.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\Microsoft.CSharp.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Threading.ThreadPool.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Globalization.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Resources.ResourceManager.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Threading.Channels.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.Http.Json.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\Microsoft.Win32.Registry.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Reflection.Extensions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\Microsoft.CSharp.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Numerics.Vectors.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Reflection.Emit.Lightweight.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.ObjectModel.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.Compression.FileSystem.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Xml.XPath.XDocument.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.InteropServices.JavaScript.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.DiagnosticSource.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Reflection.DispatchProxy.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.Serialization.Xml.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\Microsoft.Win32.Primitives.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.WebProxy.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.NameResolution.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Resources.Reader.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Dynamic.Runtime.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\Microsoft.VisualBasic.Core.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Diagnostics.StackTrace.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.NetworkInformation.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.AccessControl.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Text.Encoding.CodePages.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.HttpListener.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Threading.Thread.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.IsolatedStorage.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.Ping.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Data.Common.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Linq.Expressions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.Compression.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\oke.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Drawing.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.AppContext.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.Serialization.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Core.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Text.Encodings.Web.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Globalization.Extensions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.ComponentModel.EventBasedAsync.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Transactions.Local.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Memory.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.SecureString.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Drawing.Primitives.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Collections.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Buffers.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.FileSystem.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.Pipes.AccessControl.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.Ping.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Drawing.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Collections.Immutable.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.ValueTuple.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.Sockets.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\Microsoft.VisualBasic.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.Compression.Brotli.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Globalization.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Globalization.Extensions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.Serialization.Xml.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.Primitives.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Linq.Queryable.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Reflection.Emit.ILGeneration.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.FileSystem.AccessControl.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Core.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.Loader.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.Pipes.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.Extensions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Data.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Xml.XmlSerializer.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.WebSockets.Client.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.Serialization.Primitives.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.Numerics.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.Process.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.Primitives.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.InteropServices.RuntimeInformation.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Collections.NonGeneric.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.Cryptography.Cng.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Data.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Threading.Tasks.Extensions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Threading.ThreadPool.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.WebClient.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Threading.Thread.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Diagnostics.Contracts.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Text.RegularExpressions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.ComponentModel.TypeConverter.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.Security.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.Requests.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.MemoryMappedFiles.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Xml.Linq.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.ComponentModel.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.FileSystem.DriveInfo.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Reflection.TypeExtensions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.ServicePoint.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.Compression.Brotli.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Diagnostics.FileVersionInfo.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Resources.Writer.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.InteropServices.RuntimeInformation.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.Pipes.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Threading.Tasks.Extensions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.CompilerServices.VisualC.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Xml.XPath.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Cryptography.Encoding.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.InteropServices.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.FileSystem.Watcher.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.Serialization.Formatters.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Threading.Tasks.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.Serialization.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Configuration.ConfigurationManager.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Xml.ReaderWriter.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.TextWriterTraceListener.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\mscorlib.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Threading.Overlapped.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Private.Xml.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Text.RegularExpressions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Reflection.DispatchProxy.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Reflection.Primitives.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Transactions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Threading.Tasks.Dataflow.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.FileSystem.Primitives.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.ServiceProcess.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.WebProxy.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Xml.XPath.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.Cryptography.Primitives.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Text.Encoding.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Data.SqlClient.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Threading.Tasks.Parallel.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Threading.Overlapped.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Data.DataSetExtensions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Diagnostics.DiagnosticSource.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Collections.Immutable.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Private.Xml.Linq.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Text.Encodings.Web.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Reflection.TypeExtensions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.ComponentModel.EventBasedAsync.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.Intrinsics.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.Handles.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.Cryptography.Encoding.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.WebSockets.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Windows.Extensions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\Microsoft.Win32.Registry.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.FileSystem.Primitives.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.Cryptography.Csp.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.ServiceModel.Web.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Windows.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Diagnostics.TextWriterTraceListener.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\Microsoft.VisualBasic.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Text.Encoding.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Private.Uri.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.FileVersionInfo.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.Security.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.WebSockets.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.WebClient.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Globalization.Calendars.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.Pipes.AccessControl.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Cryptography.X509Certificates.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\EntityFramework.SqlServer.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Web.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Console.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.HttpListener.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Xml.XmlDocument.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Linq.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Cryptography.Primitives.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Windows.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Resources.ResourceManager.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Linq.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Data.SQLite.EF6.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Collections.Specialized.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.ComponentModel.Primitives.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Threading.Timer.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Reflection.Emit.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Xml.XPath.XDocument.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.Serialization.Json.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Reflection.Emit.Lightweight.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Drawing.Primitives.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Cryptography.Algorithms.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Resources.Writer.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.Sockets.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.Compression.ZipFile.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Threading.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.Handles.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Cryptography.Csp.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Cryptography.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Collections.Specialized.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Reflection.Metadata.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Formats.Asn1.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.WebSockets.Client.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.Quic.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.Cryptography.OpenSsl.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\EntityFramework.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Formats.Tar.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Linq.Parallel.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\Microsoft.VisualBasic.Core.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.Tools.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Reflection.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Numerics.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\mscorlib.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Threading.Tasks.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.Cryptography.X509Certificates.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Collections.Concurrent.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.FileSystem.DriveInfo.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Reflection.Primitives.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Private.CoreLib.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Configuration.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Text.Encoding.Extensions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.IsolatedStorage.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.NameResolution.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.Serialization.Primitives.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Xml.XDocument.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Linq.Parallel.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Reflection.Emit.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Collections.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.ComponentModel.DataAnnotations.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.NetworkInformation.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Resources.Reader.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.FileSystem.AccessControl.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Data.Common.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Cryptography.Cng.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Xml.Linq.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Threading.Timer.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Data.SqlClient.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.Loader.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Xml.Serialization.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Configuration.ConfigurationManager.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Cryptography.OpenSsl.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.ComponentModel.DataAnnotations.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.StackTrace.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Numerics.Vectors.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Reflection.Extensions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Numerics.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\SQLite.Interop.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Reflection.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Private.DataContractSerialization.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Globalization.Calendars.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.AccessControl.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.InteropServices.JavaScript.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Text.Encoding.Extensions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Text.Json.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Xml.XmlDocument.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Xml.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.WebHeaderCollection.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Diagnostics.Tools.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.Tracing.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Xml.Serialization.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Text.Json.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.Numerics.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.Principal.Windows.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Xml.XmlSerializer.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.FileSystem.Watcher.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile created: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.InteropServices.dllJump to dropped file

            Hooking and other Techniques for Hiding and Protection

            barindex
            Icon mismatch, binary includes an icon from a different legit application in order to fool users
            Source: initial sampleIcon embedded in binary file: icon matches a legit application icon: download (28).png
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeMemory allocated: 17D38330000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeWindow / User API: threadDelayed 403Jump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeWindow / User API: threadDelayed 505Jump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeWindow / User API: threadDelayed 3856Jump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.Http.Json.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.Claims.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.CompilerServices.VisualC.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Drawing.Common.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Claims.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Linq.Expressions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Principal.Windows.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Diagnostics.Process.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.Permissions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Configuration.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.Cryptography.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.Principal.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.UnmanagedMemoryStream.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Console.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.Mail.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.Cryptography.Algorithms.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.Quic.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Xml.ReaderWriter.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.Http.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Collections.NonGeneric.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Text.Encoding.CodePages.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\sni.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Threading.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.Serialization.Formatters.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Diagnostics.TraceSource.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Windows.Extensions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.ServiceProcess.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.TraceSource.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.Intrinsics.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.ValueTuple.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.Mail.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.ComponentModel.Annotations.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.ObjectModel.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\netstandard.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Web.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.MemoryMappedFiles.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.AppContext.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\Microsoft.Win32.Primitives.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Data.DataSetExtensions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Transactions.Local.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.ComponentModel.Primitives.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Linq.Queryable.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\WindowsBase.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.CodeDom.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.ComponentModel.Annotations.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.Http.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Diagnostics.Debug.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Collections.Concurrent.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Memory.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.Compression.FileSystem.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\netstandard.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.Serialization.Json.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Transactions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Formats.Asn1.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.SecureString.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Threading.Channels.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Data.SQLite.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Xml.XDocument.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.ComponentModel.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.ComponentModel.TypeConverter.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\Newtonsoft.Json.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Threading.Tasks.Dataflow.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Xml.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.Debug.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.Compression.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Management.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Web.HttpUtility.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.Contracts.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Formats.Tar.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.WebHeaderCollection.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.FileSystem.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Management.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.Compression.ZipFile.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.Extensions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Principal.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Threading.Tasks.Parallel.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Cryptography.ProtectedData.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.UnmanagedMemoryStream.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\Microsoft.Win32.SystemEvents.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\WindowsBase.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.ServiceModel.Web.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Dynamic.Runtime.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.Requests.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Diagnostics.Tracing.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Buffers.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Reflection.Metadata.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Reflection.Emit.ILGeneration.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.ServicePoint.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Permissions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Web.HttpUtility.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\Microsoft.CSharp.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Threading.ThreadPool.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Globalization.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Resources.ResourceManager.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Threading.Channels.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.Http.Json.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\Microsoft.Win32.Registry.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Reflection.Extensions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\Microsoft.CSharp.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Numerics.Vectors.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Reflection.Emit.Lightweight.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.ObjectModel.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.Compression.FileSystem.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.InteropServices.JavaScript.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Xml.XPath.XDocument.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.DiagnosticSource.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Reflection.DispatchProxy.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\Microsoft.Win32.Primitives.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.Serialization.Xml.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.WebProxy.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.NameResolution.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Dynamic.Runtime.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Resources.Reader.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Diagnostics.StackTrace.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\Microsoft.VisualBasic.Core.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Text.Encoding.CodePages.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.NetworkInformation.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.AccessControl.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.HttpListener.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.Ping.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Threading.Thread.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.IsolatedStorage.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Data.Common.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Linq.Expressions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.Compression.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\oke.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Drawing.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.Serialization.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.AppContext.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Core.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Globalization.Extensions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Text.Encodings.Web.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.ComponentModel.EventBasedAsync.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Memory.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Transactions.Local.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.SecureString.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Drawing.Primitives.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Collections.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Buffers.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.FileSystem.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.Ping.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.Pipes.AccessControl.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Drawing.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Collections.Immutable.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.ValueTuple.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.Sockets.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\Microsoft.VisualBasic.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.Compression.Brotli.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Globalization.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Globalization.Extensions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.Serialization.Xml.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.Primitives.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Linq.Queryable.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.FileSystem.AccessControl.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Reflection.Emit.ILGeneration.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Core.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.Loader.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.Pipes.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.Extensions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Data.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Xml.XmlSerializer.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.WebSockets.Client.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.Numerics.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.Process.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.Serialization.Primitives.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.Primitives.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.InteropServices.RuntimeInformation.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Collections.NonGeneric.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.Cryptography.Cng.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Data.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Threading.ThreadPool.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Threading.Tasks.Extensions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.WebClient.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Threading.Thread.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Diagnostics.Contracts.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Text.RegularExpressions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.ComponentModel.TypeConverter.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.Security.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.Requests.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.MemoryMappedFiles.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Xml.Linq.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.ComponentModel.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.FileSystem.DriveInfo.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Reflection.TypeExtensions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.ServicePoint.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.Compression.Brotli.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.Pipes.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.InteropServices.RuntimeInformation.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Diagnostics.FileVersionInfo.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Resources.Writer.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Threading.Tasks.Extensions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.CompilerServices.VisualC.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Cryptography.Encoding.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Xml.XPath.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.InteropServices.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.FileSystem.Watcher.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.Serialization.Formatters.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Threading.Tasks.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.Serialization.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Configuration.ConfigurationManager.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Xml.ReaderWriter.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\mscorlib.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.TextWriterTraceListener.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Threading.Overlapped.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Private.Xml.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Text.RegularExpressions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Reflection.Primitives.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Reflection.DispatchProxy.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Transactions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.FileSystem.Primitives.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Threading.Tasks.Dataflow.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.ServiceProcess.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.WebProxy.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Xml.XPath.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.Cryptography.Primitives.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Text.Encoding.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Threading.Tasks.Parallel.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Data.SqlClient.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Collections.Immutable.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Diagnostics.DiagnosticSource.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Threading.Overlapped.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Data.DataSetExtensions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Private.Xml.Linq.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Text.Encodings.Web.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Reflection.TypeExtensions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.ComponentModel.EventBasedAsync.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.Intrinsics.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.Handles.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.WebSockets.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.Cryptography.Encoding.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Windows.Extensions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\Microsoft.Win32.Registry.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.FileSystem.Primitives.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.Cryptography.Csp.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.ServiceModel.Web.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Windows.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Diagnostics.TextWriterTraceListener.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\Microsoft.VisualBasic.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.FileVersionInfo.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Private.Uri.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Text.Encoding.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.Security.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.WebSockets.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.WebClient.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Globalization.Calendars.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Cryptography.X509Certificates.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.Pipes.AccessControl.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\EntityFramework.SqlServer.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Web.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Console.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.HttpListener.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Xml.XmlDocument.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Linq.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Cryptography.Primitives.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Windows.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Resources.ResourceManager.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Linq.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.ComponentModel.Primitives.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Collections.Specialized.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Data.SQLite.EF6.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Threading.Timer.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Reflection.Emit.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Xml.XPath.XDocument.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.Serialization.Json.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Reflection.Emit.Lightweight.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Drawing.Primitives.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Cryptography.Algorithms.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.Sockets.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Resources.Writer.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.Compression.ZipFile.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Threading.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.Handles.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Cryptography.Csp.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Cryptography.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Collections.Specialized.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Reflection.Metadata.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.Quic.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Formats.Asn1.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.WebSockets.Client.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.Cryptography.OpenSsl.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\EntityFramework.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Formats.Tar.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\Microsoft.VisualBasic.Core.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Linq.Parallel.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.Tools.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Reflection.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Numerics.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\mscorlib.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Threading.Tasks.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Collections.Concurrent.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.Cryptography.X509Certificates.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.FileSystem.DriveInfo.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Reflection.Primitives.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Private.CoreLib.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Configuration.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Text.Encoding.Extensions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.IsolatedStorage.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.NameResolution.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.Serialization.Primitives.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Linq.Parallel.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Xml.XDocument.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Reflection.Emit.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Collections.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.ComponentModel.DataAnnotations.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.NetworkInformation.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Resources.Reader.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.FileSystem.AccessControl.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Data.Common.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Cryptography.Cng.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Xml.Linq.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Threading.Timer.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Data.SqlClient.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.Loader.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Xml.Serialization.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Configuration.ConfigurationManager.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.ComponentModel.DataAnnotations.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Cryptography.OpenSsl.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.StackTrace.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Numerics.Vectors.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Numerics.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Reflection.Extensions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\SQLite.Interop.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Reflection.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Private.DataContractSerialization.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.AccessControl.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Globalization.Calendars.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.InteropServices.JavaScript.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Text.Encoding.Extensions.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Text.Json.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Xml.XmlDocument.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Xml.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.WebHeaderCollection.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Diagnostics.Tools.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.Tracing.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Xml.Serialization.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Text.Json.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.Numerics.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.Principal.Windows.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Xml.XmlSerializer.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.FileSystem.Watcher.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.InteropServices.dllJump to dropped file
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exe TID: 1652Thread sleep count: 97 > 30Jump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exe TID: 3620Thread sleep count: 403 > 30Jump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exe TID: 3620Thread sleep count: 194 > 30Jump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exe TID: 2196Thread sleep count: 43 > 30Jump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exe TID: 1652Thread sleep count: 101 > 30Jump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exe TID: 2156Thread sleep count: 317 > 30Jump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exe TID: 2196Thread sleep count: 505 > 30Jump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exe TID: 2156Thread sleep count: 3856 > 30Jump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exe TID: 6700Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile opened: C:\Users\user~1\Jump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile opened: C:\Users\user~1\AppData\Local\Temp\.net\iTVsz8WAu4\f0mxih2x.d2d\Jump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile opened: C:\Users\user~1\AppData\Local\Temp\.net\iTVsz8WAu4\Jump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile opened: C:\Users\user~1\AppData\Local\Temp\.net\iTVsz8WAu4\f0mxih2x.d2d\System.Memory.dllJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile opened: C:\Users\user~1\AppData\Local\Jump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile opened: C:\Users\user~1\AppData\Jump to behavior
            Source: chrome.exe, 00000009.00000002.1684072658.000002072CCB7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: msedge.exe, 00000014.00000002.1913780728.00000273AE62B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeMemory allocated: page read and write | page guardJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9447 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000Jump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\Documents\Your_Benefits_and_Role.docx" /o ""Jump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9351 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000Jump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information

            barindex
            Tries to harvest and steal browser information (history, passwords, etc)
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqliteJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-shmJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-walJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDirectory queried: C:\Users\Public\Documents\638724354911540009\FilesJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDirectory queried: C:\Users\Public\Documents\638724354911540009\Files\DJump to behavior
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeDirectory queried: C:\Users\Public\Documents\638724354911540009\Files\DJump to behavior

            Remote Access Functionality

            barindex
            Attempt to bypass Chrome Application-Bound Encryption
            Source: C:\Users\user\Desktop\iTVsz8WAu4.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9447 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
            Command and Scripting Interpreter            		1
            DLL Side-Loading            		11
            Process Injection            		11
            Masquerading            		1
            OS Credential Dumping            		1
            Security Software Discovery            		Remote Services11
            Data from Local System            		1
            Encrypted Channel            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
            DLL Side-Loading            		1
            Disable or Modify Tools            		LSASS Memory1
            Process Discovery            		Remote Desktop ProtocolData from Removable Media1
            Remote Access Software            		Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)31
            Virtualization/Sandbox Evasion            		Security Account Manager31
            Virtualization/Sandbox Evasion            		SMB/Windows Admin SharesData from Network Shared Drive1
            Ingress Tool Transfer            		Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
            Process Injection            		NTDS1
            Application Window Discovery            		Distributed Component Object ModelInput Capture2
            Non-Application Layer Protocol            		Traffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script2
            Obfuscated Files or Information            		LSA Secrets12
            File and Directory Discovery            		SSHKeylogging3
            Application Layer Protocol            		Scheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
            Software Packing            		Cached Domain Credentials3
            System Information Discovery            		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
            Timestomp            		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
            DLL Side-Loading            		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            iTVsz8WAu4.exe13%ReversingLabsWin64.Malware.Giant
            iTVsz8WAu4.exe21%VirustotalBrowse

            Dropped Files

            SourceDetectionScannerLabelLink
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\EntityFramework.SqlServer.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\EntityFramework.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\Microsoft.CSharp.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\Microsoft.VisualBasic.Core.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\Microsoft.VisualBasic.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\Microsoft.Win32.Primitives.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\Microsoft.Win32.Registry.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\Microsoft.Win32.SystemEvents.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\Newtonsoft.Json.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\SQLite.Interop.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.AppContext.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Buffers.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.CodeDom.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Collections.Concurrent.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Collections.Immutable.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Collections.NonGeneric.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Collections.Specialized.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Collections.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.ComponentModel.Annotations.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.ComponentModel.DataAnnotations.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.ComponentModel.EventBasedAsync.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.ComponentModel.Primitives.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.ComponentModel.TypeConverter.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.ComponentModel.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Configuration.ConfigurationManager.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Configuration.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Console.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Core.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Data.Common.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Data.DataSetExtensions.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Data.SQLite.EF6.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Data.SQLite.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Data.SqlClient.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Data.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.Contracts.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.Debug.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.DiagnosticSource.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.FileVersionInfo.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.Process.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.StackTrace.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.TextWriterTraceListener.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.Tools.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.TraceSource.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.Tracing.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Drawing.Common.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Drawing.Primitives.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Drawing.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Dynamic.Runtime.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Formats.Asn1.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Formats.Tar.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Globalization.Calendars.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Globalization.Extensions.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Globalization.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.Compression.Brotli.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.Compression.FileSystem.dll0%ReversingLabs

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            SourceDetectionScannerLabelLink
            http://anglebug.com/506100%Avira URL Cloudsafe
            http://anglebug.com/7488#0%Avira URL Cloudsafe
            http://anglebug.com/3625#0%Avira URL Cloudsafe

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            gitlab.com
            		172.65.251.78
            		truefalse
              		high
              api.ipify.org
              		172.67.74.152
              		truefalse
                		high
                ip-api.com
                		208.95.112.1
                		truefalse
                  		high

                  URLs from Memory and Binaries

                  NameSourceMaliciousAntivirus DetectionReputation
                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirthrhttp://schemas.xmlsoap.org/ws/2005System.Security.Claims.dll0.0.drfalse
                    		high
                    https://github.com/mono/linker/issues/1731System.ComponentModel.TypeConverter.dll0.0.drfalse
                      		high
                      http://anglebug.com/6651chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        https://anglebug.com/6574chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          https://anglebug.com/4830chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressxhttp://schemas.xmlsoap.org/ws/200System.Security.Claims.dll0.0.drfalse
                              		high
                              https://aka.ms/dotnet/infoiTVsz8WAu4.exefalse
                                		high
                                http://anglebug.com/2970chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://anglebug.com/4633chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://anglebug.com/7382chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://issuetracker.google.com/284462263msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://www.chambersign.org1msedge.exe, 00000014.00000002.1916512832.000030B400058000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://aka.ms/dotnet/app-launch-failediTVsz8WAu4.exefalse
                                            		high
                                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovinceSystem.Security.Claims.dll0.0.drfalse
                                              		high
                                              http://anglebug.com/8162chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                https://github.com/mono/linker/issues/1895vSystem.ComponentModel.TypeConverter.dll0.0.drfalse
                                                  		high
                                                  http://anglebug.com/8280chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://issuetracker.google.com/220069903msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://anglebug.com/7308chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authenticationSystem.Security.Claims.dll0.0.drfalse
                                                          		high
                                                          http://anglebug.com/2162chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://anglebug.com/7714chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://anglebug.com/5430msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidSystem.Security.Principal.Windows.dll0.0.dr, System.Security.Claims.dll0.0.drfalse
                                                                  		high
                                                                  http://anglebug.com/4901chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authorizationdecisionzhttp://schemas.xmlsoap.oSystem.Security.Claims.dll0.0.drfalse
                                                                      		high
                                                                      http://anglebug.com/3498chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://anglebug.com/50610msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        http://anglebug.com/6248chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://anglebug.com/6929chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://www.sqlite.org/lang_corefunc.htmlSystem.Data.SQLite.EF6.dll.0.drfalse
                                                                              		high
                                                                              http://anglebug.com/5281chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameSystem.Security.Principal.Windows.dll0.0.drfalse
                                                                                  		high
                                                                                  https://anglebug.com/4966chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://anglebug.com/7319chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://anglebug.com/7488#chrome.exe, 00000009.00000002.1686994170.000023F8002A4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      		unknown
                                                                                      https://issuetracker.google.com/255411748msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        http://anglebug.com/5421chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifierSystem.Security.Claims.dll0.0.drfalse
                                                                                            		high
                                                                                            http://anglebug.com/7047chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://anglebug.com/7246chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://anglebug.com/7369chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://anglebug.com/7489chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://issuetracker.google.com/274859104msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://aka.ms/dotnet/download%s%sInstalliTVsz8WAu4.exefalse
                                                                                                        		high
                                                                                                        http://anglebug.com/6878chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          http://anglebug.com/6755chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            http://anglebug.com/6876chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              http://anglebug.com/7724chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                http://anglebug.com/3625#chrome.exe, 00000009.00000002.1686748649.000023F800234000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                https://github.com/dotnet/runtimeOHGmscorlib.dll.0.drfalse
                                                                                                                  		high
                                                                                                                  https://github.com/dotnet/runtimen;System.Transactions.dll.0.drfalse
                                                                                                                    		high
                                                                                                                    https://issuetracker.google.com/161903006msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://anglebug.com/7172chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://github.com/dotnet/runtimetSystem.Buffers.dll.0.dr, System.Security.Cryptography.Algorithms.dll.0.dr, System.Buffers.dll0.0.dr, System.Security.Cryptography.Algorithms.dll0.0.drfalse
                                                                                                                          		high
                                                                                                                          https://github.com/dotnet/runtimeoSystem.Globalization.dll.0.dr, System.Globalization.dll0.0.drfalse
                                                                                                                            		high
                                                                                                                            https://aka.ms/dotnet-illink/comjSystem.Runtime.InteropServices.dll.0.drfalse
                                                                                                                              		high
                                                                                                                              https://anglebug.com/7899chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                http://anglebug.com/7279chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  http://anglebug.com/3078chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://anglebug.com/7036chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      http://anglebug.com/7553chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        http://anglebug.com/5375chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          http://anglebug.com/6860chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://www.catcert.net/verarrelmsedge.exe, 00000014.00000002.1916774685.000030B4000E0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              http://anglebug.com/5371chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://aka.ms/dotnet/sdk-not-foundProbingiTVsz8WAu4.exefalse
                                                                                                                                                  		high
                                                                                                                                                  http://anglebug.com/4722chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    http://anglebug.com/5658chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      http://anglebug.com/5535chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        http://anglebug.com/4324chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          http://anglebug.com/7556chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            https://github.com/dotnet/runtime/issues/50821System.ComponentModel.TypeConverter.dll0.0.drfalse
                                                                                                                                                              		high
                                                                                                                                                              https://github.com/dotnet/runtimeMYSystem.ValueTuple.dll.0.dr, System.ValueTuple.dll0.0.drfalse
                                                                                                                                                                		high
                                                                                                                                                                https://issuetracker.google.com/187425444msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://aka.ms/dotnet/downloadiTVsz8WAu4.exefalse
                                                                                                                                                                    		high
                                                                                                                                                                    http://html4/loose.dtdiTVsz8WAu4.exefalse
                                                                                                                                                                      		high
                                                                                                                                                                      http://anglebug.com/3584chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://github.com/dotnet/runtime=System.Resources.ResourceManager.dll0.0.dr, System.Resources.ResourceManager.dll.0.drfalse
                                                                                                                                                                          		high
                                                                                                                                                                          http://anglebug.com/4551chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            http://anglebug.com/5881chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686994170.000023F8002A4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              http://anglebug.com/6692chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                https://issuetracker.google.com/258207403msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  https://issuetracker.google.com/253522366msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    http://anglebug.com/3502chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      http://anglebug.com/3623msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        https://github.com/dotnet/runtimeCSystem.Core.dll0.0.drfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          http://anglebug.com/3625msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            http://anglebug.com/3624msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              http://anglebug.com/3586chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                http://anglebug.com/5007chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  https://github.com/dotnet/runtimeASystem.Security.Cryptography.Encoding.dll.0.drfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    http://anglebug.com/3862chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      		high
                                                                                                                                                                                                      https://github.com/dotnet/runtimeBSystem.Reflection.DispatchProxy.dll0.0.drfalse
                                                                                                                                                                                                        		high
                                                                                                                                                                                                        https://issuetracker.google.com/184850002msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          		high
                                                                                                                                                                                                          http://anglebug.com/4836chrome.exe, 00000009.00000003.1456041796.000023F8001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1685704003.000023F80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1686833432.000023F800258000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917571611.000030B40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.1917824958.000030B4002E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            		high
                                                                                                                                                                                                            https://issuetracker.google.com/issues/166475273msedge.exe, 00000014.00000003.1693554846.000030B4002D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              		high
                                                                                                                                                                                                              http://.cssiTVsz8WAu4.exefalse
                                                                                                                                                                                                                		high
                                                                                                                                                                                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddresszhttp://schemas.xmlsoap.org/ws/20System.Security.Claims.dll0.0.drfalse
                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                  https://aka.ms/dotnet-core-applaunch?iTVsz8WAu4.exefalse
                                                                                                                                                                                                                    		high

                                                                                                                                                                                                                    World Map of Contacted IPs

                                                                                                                                                                                                                    • No. of IPs < 25%
                                                                                                                                                                                                                    • 25% < No. of IPs < 50%
                                                                                                                                                                                                                    • 50% < No. of IPs < 75%
                                                                                                                                                                                                                    • 75% < No. of IPs

                                                                                                                                                                                                                    Public IPs

                                                                                                                                                                                                                    IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                    208.95.112.1
                                                                                                                                                                                                                    		ip-api.comUnited States
                                                                                                                                                                                                                    		53334TUT-ASUSfalse
                                                                                                                                                                                                                    172.65.251.78
                                                                                                                                                                                                                    		gitlab.comUnited States
                                                                                                                                                                                                                    		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                    172.67.74.152
                                                                                                                                                                                                                    		api.ipify.orgUnited States
                                                                                                                                                                                                                    		13335CLOUDFLARENETUSfalse

                                                                                                                                                                                                                    Private

                                                                                                                                                                                                                    IP
                                                                                                                                                                                                                    127.0.0.1

                                                                                                                                                                                                                    General Information

                                                                                                                                                                                                                    Joe Sandbox version:42.0.0 Malachite
                                                                                                                                                                                                                    Analysis ID:1590659
                                                                                                                                                                                                                    Start date and time:2025-01-14 13:10:16 +01:00
                                                                                                                                                                                                                    Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                    Overall analysis duration:0h 8m 27s
                                                                                                                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                    Report type:full
                                                                                                                                                                                                                    Cookbook file name:default.jbs
                                                                                                                                                                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                    Number of analysed new started processes analysed:25
                                                                                                                                                                                                                    Number of new started drivers analysed:0
                                                                                                                                                                                                                    Number of existing processes analysed:0
                                                                                                                                                                                                                    Number of existing drivers analysed:0
                                                                                                                                                                                                                    Number of injected processes analysed:0
                                                                                                                                                                                                                    Technologies:
                                                                                                                                                                                                                    • HCA enabled
                                                                                                                                                                                                                    • EGA enabled
                                                                                                                                                                                                                    • AMSI enabled
                                                                                                                                                                                                                    Analysis Mode:default
                                                                                                                                                                                                                    Analysis stop reason:Timeout
                                                                                                                                                                                                                    Sample name:iTVsz8WAu4.exe
                                                                                                                                                                                                                    renamed because original name is a hash value
                                                                                                                                                                                                                    Original Sample Name:ff542214469620d4b284472dae80e77d50f0b6a1f3da3c2b0922243a8796ae26.exe
                                                                                                                                                                                                                    Detection:MAL
                                                                                                                                                                                                                    Classification:mal80.troj.spyw.winEXE@16/366@3/4
                                                                                                                                                                                                                    EGA Information:Failed
                                                                                                                                                                                                                    HCA Information:
                                                                                                                                                                                                                    • Successful, ratio: 100%
                                                                                                                                                                                                                    • Number of executed functions: 0
                                                                                                                                                                                                                    • Number of non-executed functions: 0
                                                                                                                                                                                                                    Cookbook Comments:
                                                                                                                                                                                                                    • Found application associated with file extension: .exe

                                                                                                                                                                                                                    Warnings

                                                                                                                                                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                    • Excluded IPs from analysis (whitelisted): 52.109.28.46, 52.109.32.7, 52.113.194.132, 2.23.242.162, 52.111.231.24, 52.111.231.25, 52.111.231.26, 52.111.231.23, 51.132.193.104, 104.126.116.105, 104.126.116.65, 2.19.97.203, 2.19.97.171, 2.21.65.149, 2.21.65.130, 13.107.246.45, 20.12.23.50, 40.126.31.73
                                                                                                                                                                                                                    • Excluded domains from analysis (whitelisted): binaries.templates.cdn.office.net.edgesuite.net, slscr.update.microsoft.com, onedscolprduks02.uksouth.cloudapp.azure.com, templatesmetadata.office.net.edgekey.net, time.windows.com, osiprod-ukw-buff-azsc-000.ukwest.cloudapp.azure.com, eur.roaming1.live.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, dns.msftncsi.com, a1847.dscg2.akamai.net, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, login.live.com, e16604.g.akamaiedge.net, officeclient.microsoft.com, templatesmetadata.office.net, prod.fs.microsoft.com.akadns.net, ecs.office.com, self-events-data.trafficmanager.net, ukw-azsc-000.roaming.officeapps.live.com, fs.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, prod1.naturallanguageeditorservice.osi.o
                                                                                                                                                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                    • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                                                                                                                                                                    Simulations

                                                                                                                                                                                                                    Behavior and APIs

                                                                                                                                                                                                                    No simulations

                                                                                                                                                                                                                    Joe Sandbox View / Context

                                                                                                                                                                                                                    IPs

                                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                    208.95.112.1DYv2ldz5xT.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • ip-api.com/json/8.46.123.189
                                                                                                                                                                                                                    rBFTGm5ioO.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • ip-api.com/json/8.46.123.189
                                                                                                                                                                                                                    DYv2ldz5xT.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • ip-api.com/json/8.46.123.189
                                                                                                                                                                                                                    rBFTGm5ioO.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • ip-api.com/json/8.46.123.189
                                                                                                                                                                                                                    nNnzvybxiy.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • ip-api.com/json/8.46.123.189
                                                                                                                                                                                                                    StL9joVVcT.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • ip-api.com/json/8.46.123.189
                                                                                                                                                                                                                    zbROZPjAQ7.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • ip-api.com/json/8.46.123.189
                                                                                                                                                                                                                    6kK89mR2aq.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • ip-api.com/json/8.46.123.189
                                                                                                                                                                                                                    #U2800.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • ip-api.com/json/8.46.123.189
                                                                                                                                                                                                                    rordendecompra_.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                    • ip-api.com/line/?fields=hosting

                                                                                                                                                                                                                    Domains

                                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                    gitlab.comDYv2ldz5xT.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 172.65.251.78
                                                                                                                                                                                                                    rBFTGm5ioO.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 172.65.251.78
                                                                                                                                                                                                                    DYv2ldz5xT.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 172.65.251.78
                                                                                                                                                                                                                    rBFTGm5ioO.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 172.65.251.78
                                                                                                                                                                                                                    nNnzvybxiy.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 172.65.251.78
                                                                                                                                                                                                                    StL9joVVcT.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 172.65.251.78
                                                                                                                                                                                                                    #U2800.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 172.65.251.78
                                                                                                                                                                                                                    hnskdfgjgar22.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                    • 172.65.251.78
                                                                                                                                                                                                                    hnsadjhfg18De.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                    • 172.65.251.78
                                                                                                                                                                                                                    slifdgjsidfg19.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                    • 172.65.251.78
                                                                                                                                                                                                                    ip-api.comDYv2ldz5xT.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 208.95.112.1
                                                                                                                                                                                                                    rBFTGm5ioO.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 208.95.112.1
                                                                                                                                                                                                                    DYv2ldz5xT.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 208.95.112.1
                                                                                                                                                                                                                    rBFTGm5ioO.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 208.95.112.1
                                                                                                                                                                                                                    nNnzvybxiy.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 208.95.112.1
                                                                                                                                                                                                                    StL9joVVcT.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 208.95.112.1
                                                                                                                                                                                                                    zbROZPjAQ7.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 208.95.112.1
                                                                                                                                                                                                                    6kK89mR2aq.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 208.95.112.1
                                                                                                                                                                                                                    #U2800.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 208.95.112.1
                                                                                                                                                                                                                    rordendecompra_.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                    • 208.95.112.1
                                                                                                                                                                                                                    api.ipify.orgDYv2ldz5xT.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 172.67.74.152
                                                                                                                                                                                                                    rBFTGm5ioO.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 104.26.13.205
                                                                                                                                                                                                                    DYv2ldz5xT.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 172.67.74.152
                                                                                                                                                                                                                    rBFTGm5ioO.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 172.67.74.152
                                                                                                                                                                                                                    nNnzvybxiy.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 172.67.74.152
                                                                                                                                                                                                                    StL9joVVcT.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 104.26.12.205
                                                                                                                                                                                                                    zbROZPjAQ7.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 104.26.12.205
                                                                                                                                                                                                                    6kK89mR2aq.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 172.67.74.152
                                                                                                                                                                                                                    #U2800.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 104.26.13.205
                                                                                                                                                                                                                    009.vbeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                    • 104.26.12.205

                                                                                                                                                                                                                    ASNs

                                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                    CLOUDFLARENETUSDYv2ldz5xT.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 172.67.74.152
                                                                                                                                                                                                                    rBFTGm5ioO.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 104.26.13.205
                                                                                                                                                                                                                    DYv2ldz5xT.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 172.67.74.152
                                                                                                                                                                                                                    rBFTGm5ioO.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 172.67.74.152
                                                                                                                                                                                                                    nNnzvybxiy.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 172.67.74.152
                                                                                                                                                                                                                    StL9joVVcT.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 104.26.12.205
                                                                                                                                                                                                                    zbROZPjAQ7.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 104.26.12.205
                                                                                                                                                                                                                    6kK89mR2aq.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 172.67.74.152
                                                                                                                                                                                                                    #U2800.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 104.26.13.205
                                                                                                                                                                                                                    http://www.pentamx.com/Get hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                                                                                                                                    • 1.1.1.1
                                                                                                                                                                                                                    TUT-ASUSDYv2ldz5xT.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 208.95.112.1
                                                                                                                                                                                                                    rBFTGm5ioO.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 208.95.112.1
                                                                                                                                                                                                                    DYv2ldz5xT.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 208.95.112.1
                                                                                                                                                                                                                    rBFTGm5ioO.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 208.95.112.1
                                                                                                                                                                                                                    nNnzvybxiy.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 208.95.112.1
                                                                                                                                                                                                                    StL9joVVcT.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 208.95.112.1
                                                                                                                                                                                                                    zbROZPjAQ7.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 208.95.112.1
                                                                                                                                                                                                                    6kK89mR2aq.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 208.95.112.1
                                                                                                                                                                                                                    #U2800.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 208.95.112.1
                                                                                                                                                                                                                    rordendecompra_.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                    • 208.95.112.1
                                                                                                                                                                                                                    CLOUDFLARENETUSDYv2ldz5xT.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 172.67.74.152
                                                                                                                                                                                                                    rBFTGm5ioO.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 104.26.13.205
                                                                                                                                                                                                                    DYv2ldz5xT.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 172.67.74.152
                                                                                                                                                                                                                    rBFTGm5ioO.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 172.67.74.152
                                                                                                                                                                                                                    nNnzvybxiy.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 172.67.74.152
                                                                                                                                                                                                                    StL9joVVcT.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 104.26.12.205
                                                                                                                                                                                                                    zbROZPjAQ7.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 104.26.12.205
                                                                                                                                                                                                                    6kK89mR2aq.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 172.67.74.152
                                                                                                                                                                                                                    #U2800.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 104.26.13.205
                                                                                                                                                                                                                    http://www.pentamx.com/Get hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                                                                                                                                    • 1.1.1.1

                                                                                                                                                                                                                    JA3 Fingerprints

                                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                    3b5074b1b5d032e5620f69f9f700ff0eDYv2ldz5xT.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 172.65.251.78
                                                                                                                                                                                                                    • 172.67.74.152
                                                                                                                                                                                                                    rBFTGm5ioO.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 172.65.251.78
                                                                                                                                                                                                                    • 172.67.74.152
                                                                                                                                                                                                                    DYv2ldz5xT.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 172.65.251.78
                                                                                                                                                                                                                    • 172.67.74.152
                                                                                                                                                                                                                    rBFTGm5ioO.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 172.65.251.78
                                                                                                                                                                                                                    • 172.67.74.152
                                                                                                                                                                                                                    nNnzvybxiy.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 172.65.251.78
                                                                                                                                                                                                                    • 172.67.74.152
                                                                                                                                                                                                                    StL9joVVcT.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 172.65.251.78
                                                                                                                                                                                                                    • 172.67.74.152
                                                                                                                                                                                                                    zbROZPjAQ7.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 172.65.251.78
                                                                                                                                                                                                                    • 172.67.74.152
                                                                                                                                                                                                                    6kK89mR2aq.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 172.65.251.78
                                                                                                                                                                                                                    • 172.67.74.152
                                                                                                                                                                                                                    #U2800.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 172.65.251.78
                                                                                                                                                                                                                    • 172.67.74.152
                                                                                                                                                                                                                    pdf_2025 QUOTATION - #202401146778.pdf (83kb).com.exeGet hashmaliciousPureLog Stealer, QuasarBrowse
                                                                                                                                                                                                                    • 172.65.251.78
                                                                                                                                                                                                                    • 172.67.74.152

                                                                                                                                                                                                                    Dropped Files

                                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\EntityFramework.dllzbROZPjAQ7.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      6kK89mR2aq.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        Console.dll.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\EntityFramework.SqlServer.dllzbROZPjAQ7.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            6kK89mR2aq.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              Console.dll.exeGet hashmaliciousUnknownBrowse

                                                                                                                                                                                                                                Created / dropped Files

                                                                                                                                                                                                                                C:\Users\Public\Documents\638724354911540009\Browser\Firefox\fu7wner3.default-release\Cookies.json

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3:H:H
                                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Reputation:high, very likely benign file
                                                                                                                                                                                                                                Preview:[]

                                                                                                                                                                                                                                C:\Users\Public\Documents\638724354911540009\Default_LoginDataTemp.db

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):40960
                                                                                                                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Reputation:high, very likely benign file
                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\Public\Documents\638724354911540009\Files\D\hwcompat.txt

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):751624
                                                                                                                                                                                                                                Entropy (8bit):4.941596949315087
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:5CgixLwQcUHW0tKouM4kD+nRzkSv9N+VYuhras4V:AgixLIUHW0tK7MmkSv9w/tas4
                                                                                                                                                                                                                                MD5:FBF37B8B1EE4640B1C470F2F07A80E4A
                                                                                                                                                                                                                                SHA1:B239C5499FA63D397C3DD35A7F605CE86D91B44B
                                                                                                                                                                                                                                SHA-256:E21DB717F31F9465420E6354BAA5AFAEAA3521DEB885ED46BC90530AEE9FFD20
                                                                                                                                                                                                                                SHA-512:F9439E2D7B63825FE812EE380F1EF8B277D50EED706B6ABE4B8563423891FF425A00083E88626084EE493376F1DA742ECD73B6B5F892E001C4F9048C7D3AC36C
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:HwCompat V4....1394.inf:..PCI\CC_0C0010..PCI\VEN_10CF&CC_0C0010..PCI\VEN_11C1&CC_0C0010..PCI\VEN_100B&DEV_000F..PCI\VEN_100B&CC_0C0010..PCI\VEN_1033&DEV_0063..PCI\VEN_1033&CC_0C0010..PCI\VEN_1180&CC_0C0010..PCI\VEN_104D&DEV_8039..PCI\VEN_104D&DEV_8039&REV_03..PCI\VEN_104C&DEV_8009..PCI\VEN_104C&DEV_8019..PCI\VEN_104C&CC_0C0010..PCI\VEN_104C&DEV_8009&SUBSYS_8032104D..PCI\VEN_1106&DEV_3044..PCI\VEN_1106&CC_0C0010....3ware.inf:..PCI\VEN_13C1&DEV_1010&SUBSYS_000113C1....55fpgafirmware.inf:..UEFI\RES_{C907D5F6-BBE9-47EE-B76B-5E28C7F9FC63}....55niosfirmware.inf:..UEFI\RES_{06B75ADA-B0E1-46BA-BB3B-4D6E4A0F2CB1}....55smcappfirmware.inf:..UEFI\RES_{364D032C-0041-48A6-A26F-62388D97FC6C}....55smcbootfirmware.inf:..UEFI\RES_{DA50CBA0-8F33-4B66-8A3A-08F84015C33F}....55stguestfirmware.inf:..UEFI\RES_{4E11B2F5-AF26-49D5-A549-72AE52345E22}....55stoutfirmware.inf:..UEFI\RES_{7E2BEABF-4BE5-4C10-AF9C-4C1A69E06033}....55stpcfirmware.inf:..UEFI\RES_{296EFE23-EB18-42EE-8B12-51489B27232A}....55sttouchbackgue

                                                                                                                                                                                                                                C:\Users\Public\Documents\Backup_[United States]_8.46.123.189_[1401].zip

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                Size (bytes):105245
                                                                                                                                                                                                                                Entropy (8bit):7.988507155271616
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:qZBYo7zUAvQlAXKqhaz+Z+Qx/qhCbWweL2ZS/MPXbr:qzYo7QlA61z+Z+Q4hCyuQ/Mv
                                                                                                                                                                                                                                MD5:66E57C31EECA7E22FDE5AAE53C43A54E
                                                                                                                                                                                                                                SHA1:EAE45CC40F2F8999419917FD4587B7EEC0D36E25
                                                                                                                                                                                                                                SHA-256:E070D529B20BAB82F0E782B8C7F4FCF89B5AD77A4120EAEC3C9A6F910EDC4068
                                                                                                                                                                                                                                SHA-512:033611008BEE16733823E21A6692FB61F8705029FFAA0CA3A114B2C67F54C4CA7FCB9C153BE1EF5A175ED984AE7A63A094724AAEE836B7E19E02843C63970F63
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:PK........d.(U.8n~.....x......Files/D/hwcompat.txt..ks.7.&......_.g...*...~z.*.....n..":(..x,^B.l.N..?.uMt'PY.......-.$.............?....~.............Eq......Uuq.>..~.t.......y^}Df.A.......x<.]6l./H-.-&c$....KY..L............0q.s/j`.....p.....w.M.T....}..i@........O...} ./.z.a[...*R/..:Z.y..t\U.<..EX........-.....+./..0+.E.U.BG9|.A..eT..U.........g+. .%.Q..<...,Zd*......Lc.Q1r....jeUf.W.H. X.<..I.d./....a..u......;+].~..p..*Z..P..XeU......VO...J.U...*\....eZ.W.....|...o.|T.Uu..E...B+h.$..".u..*V...>......o~....... L."/.e.x........yU.^.=/.......8.2^.a..4.."..h.4N.$..:....8......dQ...[.U....E..Tu..u.0..$...8.}.<U..(.A'2..A.N G...%...Z)(..k(d\..T.....(.<..6o.vv."(..D|.A/Z. .A.3.D5..t.%m.'z...~.F...I.6..,. .>.Fu...=l...D.Be.....^.**!S.Z$:.uPVa.....DI..a.f.(.A....~\,T..~Q.U.F.+W'.1...;.V.*R(^T,. .....z....F.{Q.e~R..4...8..i...(.UU&..j...S..."/.q.)...t.m.,.......s.#.~..ARBu.PG.N..+..u.eyV.A.d.<.....+..D...+S.....X..Q..0..m..AP.*..E.. .:R.4.q.........

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):280
                                                                                                                                                                                                                                Entropy (8bit):4.16517681506792
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3:FiWWltlrPYjpVjP9M4UcLH3RvwAH/llwBVP/Sh/Jzv/jSIHmsdJEU9VUn:o1rPWVjWZq3RvtNlwBVsJDL7b/3U
                                                                                                                                                                                                                                MD5:63E35E03D1A718162EB721D779A00FE3
                                                                                                                                                                                                                                SHA1:92CDFBF49150F2F3F61438CDCB191E390B14E65E
                                                                                                                                                                                                                                SHA-256:422FA3D3220B8DCB65BE4ED2E2FBD7571B98EE2301E1D2FA86C937060391F148
                                                                                                                                                                                                                                SHA-512:9A436CC336F34BB269C8917F0322816FC63DEC63016CB292B25DA724C26D6EB8F72501F3C979C23842FFAA09B76DDA954ED05EBCB4F2FE7619D2DA14F8690EC4
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:sdPC.....................!...W.F....+F."xDkc0HT9c2ekfj/3J+6x4yELW+Knys1OtBnWqRtJUmw="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................8889edf7-b09d-4a45-9ea5-adabbfd01bb9............

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\DevToolsActivePort

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                Size (bytes):59
                                                                                                                                                                                                                                Entropy (8bit):4.430969481705153
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3:nBSB2KSuybJGUUz+V8tVef:BSBt5BUi+KtVef
                                                                                                                                                                                                                                MD5:E99C357B08B41346C245B475FEC386F1
                                                                                                                                                                                                                                SHA1:124138964AB90736D102E20C9D350951B1848840
                                                                                                                                                                                                                                SHA-256:04224E4804B62697DAD1641208F1462ED07E39F5BF93E993DB6850114C28C7A5
                                                                                                                                                                                                                                SHA-512:FABE3E0676189DD2D8FFCE1416CC01C1370D8C0B57C14A953B3ED827007FB7396B98AB04B21F349ADC5C6944C0C578246B179974E451319A7FA33A118E453181
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:9351./devtools/browser/4e597528-1fdd-44f0-8077-4699163b8966

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\EntityFramework.SqlServer.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):591440
                                                                                                                                                                                                                                Entropy (8bit):6.06924298598343
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:CTiRnMqz14Oc9CxCTROMKahag9QQB6FHK13z6kuyPQG2puGeqVmjaVmnS4bfu65V:RnMqz14OcksHuAu65V
                                                                                                                                                                                                                                MD5:949A71C816089308551D32BC4BFFEA26
                                                                                                                                                                                                                                SHA1:D53C2BA8ED7571BF5F60759D67CC7CAE1ECBCA00
                                                                                                                                                                                                                                SHA-256:BE2BCDC9C0FF4A2865C8E5296F6A3C87C22411FF268E5EFF30FDCF5F8B2561E2
                                                                                                                                                                                                                                SHA-512:9FAD72A10898AE253CC8EC5F708B0856B649528B9CDD0F6851930264BA7246E41C0E13DDC72A1A4550823E3030E15C9D320412DF80B3A968D1056DB0065AD6C3
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                                                • Filename: zbROZPjAQ7.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                • Filename: 6kK89mR2aq.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                • Filename: Console.dll.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...$............" ..0.................. ........... .......................@............`.................................{...O.......t...............P$... ..........T............................................ ............... ..H............text........ ...................... ..`.rsrc...t...........................@..@.reloc....... ......................@..B........................H...........`...........8....]............................................{0...*..{1...*V.(2.....}0.....}1...*...0..;........u......,/(3....{0....{0...o4...,.(5....{1....{1...o6...*.*. #'p )UU.Z(3....{0...o7...X )UU.Z(5....{1...o8...X*.0..X........r...p......%..{0............-.&.+.......o9....%..{1............-.&.+.......o9....(:...*:.(2.....}....*..*J.......s;...(...+*J.......s<...(...+*........s=...(...+%-.&.......s=...(...+*J.......s>...(...+*J.......s=...(...+*.(....s?..

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\EntityFramework.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):4977744
                                                                                                                                                                                                                                Entropy (8bit):6.096478054710026
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:49152:+VEvjTmOH5S1w66gqvcWLxPkKOeI2y3BzwNZEnq:WEvjPGw8qPLxPnI6P
                                                                                                                                                                                                                                MD5:6999777A429B6A0EFD83AC3115F531CD
                                                                                                                                                                                                                                SHA1:158644373AA9A2C33032C5C07E430A120D7D3754
                                                                                                                                                                                                                                SHA-256:EADBAC604EFE1EA0272D1285F48E358541978AA1D198EF0420B0E522C793B8B4
                                                                                                                                                                                                                                SHA-512:EE21E3203C063950867B8710407130CA40D9FE5F1C07A2D0754D0673EAC0486B80A4286B3D385E35F78FDAEF089DDAF3391085E3DC4117410D654957D2020591
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                                                • Filename: zbROZPjAQ7.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                • Filename: 6kK89mR2aq.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                • Filename: Console.dll.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0...K..........KK.. ....L...... .......................@L.....n.L...`..................................JK.O.....L.$.............K.P$... L......IK.T............................................ ............... ..H............text.....K.. ....K................. ..`.rsrc...$.....L.......K.............@..@.reloc....... L.......K.............@..B.................JK.....H.......<...,.).........h.A.....`IK.......................................{)...*..{*...*V.(+.....}).....}*...*...0..;........u......,/(,....{)....{)...o-...,.(.....{*....{*...o/...*.*. dL.. )UU.Z(,....{)...o0...X )UU.Z(.....{*...o1...X*.0..X........r...p......%..{)............-.&.+.......o2....%..{*........z...-.&.+...z...o2....(3...*..{4...*..{5...*V.(+.....}4.....}5...*...0..;........u......,/(,....{4....{4...o-...,.(.....{5....{5...o/...*.*. ...z )UU.Z(,....{4...o0...X )UU

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\Microsoft.CSharp.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):1005840
                                                                                                                                                                                                                                Entropy (8bit):6.7186531276890715
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:24576:06dJq30vVE6z8LpeNY+9whtbShFtHVu9yHesCGDUD3I1i:FQ34VEYKaY++tbiHVu9yHFgrt
                                                                                                                                                                                                                                MD5:9B2A6ABE569D6BFF344CF07D3DF523A3
                                                                                                                                                                                                                                SHA1:2856F7F922F70A44132D02C0723EC2FA91E1FEDB
                                                                                                                                                                                                                                SHA-256:099BC112DC645BC4A1FC453E3B4C1FC93A164BFAF69E84C85C2B6EFAC0F7FAAB
                                                                                                                                                                                                                                SHA-512:B649400460CF236197ED168702707FB7E81FE4AA3D2542EDC07B1D3E1C520C6ECA54F77F7ABDB2DB297AEA0BC82E7A07ABF99A89CB958FEC138CDEE4FDEC5E79
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...[............." ..... ...................................................0............`...@......@............... ..................................d....*..TQ...0...)...........;..p...........................................................h...H............text............ .................. ..`.data........0.......0..............@....reloc........... ..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\Microsoft.VisualBasic.Core.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):1247496
                                                                                                                                                                                                                                Entropy (8bit):6.749340069071408
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:24576:psvPzOPj/l89Sk2f+/eOUCxRepC3/Rk3isQFqULFL:psvPzOP7ymf+/TZq3id
                                                                                                                                                                                                                                MD5:B3D3DA24C19B47259D6C23F753AFBD8A
                                                                                                                                                                                                                                SHA1:923B52256967DCF9AE35406B803304CB97B5510C
                                                                                                                                                                                                                                SHA-256:816DE66126C5EFA65483B583F6A320C284E47FC7030F8CBD7DBED745FEDCD656
                                                                                                                                                                                                                                SHA-512:D959B6AFE6561084757F1E685167BFECCD94D44F41ADF98D8DF8AEED22296DC16C3484EFABF2EBBA7988825BE5772D51E1E179C91C8B52F024EFCDDAC77DFBEA
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...Y............." ................................................................Gx....`...@......@............... ..........................................d_.......)...........>..p...............................................................H............text............................... ..`.data...............................@....reloc........... ..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\Microsoft.VisualBasic.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):17712
                                                                                                                                                                                                                                Entropy (8bit):6.610099146248559
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:6ku3cV6HxWmH639QdWSdX6HRN72YMTR9zUMq:ruMV/oWDg9za
                                                                                                                                                                                                                                MD5:3B3C142639335F9B615C0DE17BACB2D0
                                                                                                                                                                                                                                SHA1:C599AA74C3D0916D6E0BAF0949C5A6894145C6F2
                                                                                                                                                                                                                                SHA-256:BD36D4FD23D717FE88F2AFEB563EC6034D7FA482278156D99EF3CBF11EC2A5D5
                                                                                                                                                                                                                                SHA-512:87A3D33BE2DD049D906EEA8266FA4EE4694A81E3EE07F8205CACACC75B141605DDA2D454905BA0196FE26B8C7E68F9F2469AF2AEB4DD92FFA4A65F4C026AEBEF
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...J............." ..0.............B1... ...@....... ...................................`..................................0..O....@..................0)...`.......0..T............................................ ............... ..H............text...H.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................#1......H.......P ..4..................../......................................BSJB............v4.0.30319......l.......#~..,...t...#Strings............#US.........#GUID...........#Blob......................3................................K.....C.................................J.....~...........b...........G...........c.....................................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\Microsoft.Win32.Primitives.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15624
                                                                                                                                                                                                                                Entropy (8bit):6.833706261769825
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:eiBpXxu0xtWhPMpWfpWjA6Kr4PFHnhWgN7acWtNfKUSIX01k9z3AGxdUK9:eiLBPWhPMpWfYA6VFHRN7Gh2IR9zJn
                                                                                                                                                                                                                                MD5:9B22CFB5BED886C6969E9C2BCA6AC35C
                                                                                                                                                                                                                                SHA1:10136331C4C4C97581055C94AE57D96DAA050FC7
                                                                                                                                                                                                                                SHA-256:150CE7473F17D708E846CCAFD9BEEAB9C341C28A130F6E37630ACAA622754A8B
                                                                                                                                                                                                                                SHA-512:E0C31B87191F833492149D9E17FB0CEB6FE15E0E053FD5959223835719F727B9524D6FA4E33EA167FF26CD912096AA455F0E6EA16BD377722D7BF9F2400B760F
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...<.|..........."!..0..............)... ........@.. ..............................=.....`..................................)..V....@...................)...`.......(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H........ ......................P ......................................$.....,X.k..C..9.......q..C.m...:...Qr.......Ia.Gz..@.|.s.ERw+.Y..wUD...Ks=S..2>D].o7.Qc.-.w.N.5.._.X...p.|..$...2.KHs....BSJB............v4.0.30319......`.......#~..(.......#Strings............#GUID... .......#Blob......................3................................................"...........;.l.........f.....!.E.....E.....>.................E...[.E.....E.....E.....E...B.E...O.E...v.............

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\Microsoft.Win32.Registry.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):121128
                                                                                                                                                                                                                                Entropy (8bit):6.1482993626679106
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:hR1cNXwrxM7wECif70JSvEVcULVi+Ril1dPC:iNIcFC270JSvEVzvC1
                                                                                                                                                                                                                                MD5:C2DC11B82A094AFCE0E4810E4FA50723
                                                                                                                                                                                                                                SHA1:769A8C969BB7EC7CA893C1939D2500BB367CF565
                                                                                                                                                                                                                                SHA-256:19EAB1189558EFEFB90F34B012B8182DFD3C707463F5E0D4F5C0D810156A5ED8
                                                                                                                                                                                                                                SHA-512:0083FFF0E424FF80B3F8A632F139AD267A14D1419ABD1B68BAF1FC84BD2E5739E805ADF10EC79D7FA325BAC553CF7F0D84C846425638292C550CA3957AF46DAB
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .....p...0......................................................5.....`...@......@............... .......................................4..........()..........8...p...............................................................H............text...[h.......p.................. ..`.data...a........ ..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\Microsoft.Win32.SystemEvents.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):50248
                                                                                                                                                                                                                                Entropy (8bit):6.289462537946871
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:zSXwygO6T53MF09ipSJkKFZGf9PTIG57raN8q8j76P5:zS596T53MoipSlZsVTIMvaN8Hj76P5
                                                                                                                                                                                                                                MD5:EF50BD977976ED929FABEAF6C9241C45
                                                                                                                                                                                                                                SHA1:AD004278F0C66CF0086C1024CE46B04852DE6ECA
                                                                                                                                                                                                                                SHA-256:1D5BBFB227F20E866CF25F649A059B61C3F35336F69EBD19B8EDE7B6E14A7414
                                                                                                                                                                                                                                SHA-512:5ED13DEBF26F120C80C09DF572571B3BB05FCABEE7B1C7D945D2D767B13A2FE1C5861CAD4FA1FEA1658357FB025F9237F7AE2DE510DB120CFF6EF4041D5F6707
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...6)q..........." ..0.............:.... ........... ...............................X....`....................................O.......................H$.............T............................................ ............... ..H............text...@.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........;..pt..................d.........................................*..0..1.......(....,..%-.&.*..(.....o.......&...,...o....,..*.*....................(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*..,&(....,..r...pr...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*...(....*.(....,.r...p......%...%...%...(....*....(....*.(....,"r...p......%...%...%...%....(....*......( ...

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\Newtonsoft.Json.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):712464
                                                                                                                                                                                                                                Entropy (8bit):5.960816598800232
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:12288:mFIM0KteTMN4Or4D3OdmZg5WHEaEDIGBBjgrIQtD+tVqDMW:6zMTMNNd+g5Wk78GBBjgrIQtDF
                                                                                                                                                                                                                                MD5:ADF3E3EECDE20B7C9661E9C47106A14A
                                                                                                                                                                                                                                SHA1:F3130F7FD4B414B5AEC04EB87ED800EB84DD2154
                                                                                                                                                                                                                                SHA-256:22C649F75FCE5BE7C7CCDA8880473B634EF69ECF33F5D1AB8AD892CAF47D5A07
                                                                                                                                                                                                                                SHA-512:6A644BFD4544950ED2D39190393B716C8314F551488380EC8BD35B5062AA143342DFD145E92E3B6B81E80285CAC108D201B6BBD160CB768DC002C49F4C603C0B
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....)..........." ..0.............>.... ........... ....................... .......m....`.....................................O......................../..............T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H............9............................................................(....*^.(...........%...}....*:.(......}....*:.(......}....*.(.........*....}.....(......{.....X.....}....*....0...........-.~....*.~....X....b...aX...X...X..+....b....aX....X.....2.....cY.....cY....cY..|....(......._..{........+,..{|....3...{{......(....,...{{...*..{}.......-..*...0...........-.r...ps....z.o......-.~....*.~....X...+....b..o....aX...X...o....2.....cY.....cY....cY..{......{...._..+&.{|..

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\SQLite.Interop.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):2005688
                                                                                                                                                                                                                                Entropy (8bit):6.582595751983885
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:49152:tQ/IZ0sF2Ou+pqnX3lJ1nCHmWbk8d7hLJ:tQ/rHnkJ
                                                                                                                                                                                                                                MD5:4930777866B1FDAED2AB80B0FB8793B6
                                                                                                                                                                                                                                SHA1:E2686B9AC7C3867C644902805142F1F42BAE7645
                                                                                                                                                                                                                                SHA-256:1111916DC329A13BD627B2CD90C9B2263DE9923FD0BB6059C69C52332F360C37
                                                                                                                                                                                                                                SHA-512:D294E9D638FB6D579FDFD69A9F098B2D8087FC6C1C240496CC99804980284352299B52B9A2D6B1D1289FFDC5F5ECF364E67EB32E7B4A9A8DDF20C723F9FA28D5
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$................................:..........!.....!.....!......I....w.(....-p.......6...=!.....=!.....8!.....=!.....Rich............PE..d....Q.f.........." .........d......................................................M.....`..........................................u..8...8...x....p....... ...>...F...T..............p...........................p................................................text...o........................... ..`.rdata.............................@..@.data....p.......R..................@....pdata...>... ...@..................@..@.gfids.......`......."..............@..@.rsrc........p.......$..............@..@.reloc..............................@..B........................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.AppContext.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15664
                                                                                                                                                                                                                                Entropy (8bit):6.754633849646731
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:FYjgxACvaW+S7WFlWxNzx95jmHnhWgN7aIW+/yaYHnsTX01k9z3A1dcdL:Fk+NaW+S7WFGX6HRN7BnYMTR9zUdAL
                                                                                                                                                                                                                                MD5:CA56A8F20FBC0DC300136A7F52CE5448
                                                                                                                                                                                                                                SHA1:3BC48E9E7EBFFCBDE4A0018ABEE27077AA22C90B
                                                                                                                                                                                                                                SHA-256:1EE0C49348E8F269D65096B2A749E81E06ABED0796BE768D5383F174B3EBED61
                                                                                                                                                                                                                                SHA-512:2EC0A88FE112AC840DFBC7992028B85FF216AFF944483F1FC518A5E5E3822A6E7A2E7995E22464A07E3089680664D87124A1F1B1C3036C0F19B643FDF16F5D50
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..............(... ...@....... ..............................w'....`..................................(..O....@..h...............0)...`.......'..T............................................ ............... ..H............text........ ...................... ..`.rsrc...h....@......................@..@.reloc.......`......................@..B.................(......H.......P ......................('......................................BSJB............v4.0.30319......l.......#~......<...#Strings....H.......#US.L.......#GUID...\...|...#Blob......................3......................................................x.....3...........^.................I....._.................w.................G...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Buffers.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15656
                                                                                                                                                                                                                                Entropy (8bit):6.745504174553825
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:/XlE3V0WYZ2Wh8pWjA6Kr4PFHnhWgN7aIWH9qLrRGhFKeX01k9z3AB+Bf5e:99WYZ2WCYA6VFHRN7Cu0R9zI+1
                                                                                                                                                                                                                                MD5:CAA67B5CB207447441AF97F77A8D28EE
                                                                                                                                                                                                                                SHA1:00321E60DB8F53DAAB0AF1D86F090B6B77CA2F0B
                                                                                                                                                                                                                                SHA-256:49BD03FF5EF094D48ACE745D8F5C81077D28551CCA08B16D4C4DFAFAA352E43A
                                                                                                                                                                                                                                SHA-512:4F886B2E093397A857F69B1635BF3B6ABDD181D17FF21F19AD99916894A684AA35D834FDD03EFEF846AEA6BC99E42D4FBAA7E50EF2400CB818A301A285841B8E
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....F7..........." ..0..............(... ...@....... ....................................`..................................(..O....@..X...............()...`.......'..T............................................ ............... ..H............text........ ...................... ..`.rsrc...X....@......................@..@.reloc.......`......................@..B.................(......H.......P ......................,'......................................BSJB............v4.0.30319......l.......#~......@...#Strings....L.......#US.P.......#GUID...`...|...#Blob......................3............................................................?.....!.....j.....%...........U.....k.....:.......................!.....S...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.CodeDom.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):183576
                                                                                                                                                                                                                                Entropy (8bit):5.938875075706144
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:bMKminLBDcR+s0sK1eW0F5PIlwbrebRYSH+lTWh1vQ44:3LBk0s3hebCSKisF
                                                                                                                                                                                                                                MD5:3F5C6DDD8CC2B92E7BB742ADDB3EA650
                                                                                                                                                                                                                                SHA1:677800EB1BC1D5EFB1F77D4ACB4164A10A7DA0D9
                                                                                                                                                                                                                                SHA-256:8D9C04FED7926CD1332DCCCE32E65BC32D19A5DF7737EDE981BD136A0EA372B8
                                                                                                                                                                                                                                SHA-512:F58C9C034DBD33BA3196DAFF5D4B2F53A6CBBD8D2E350C4944A8B883D858B991614651444762B62D90BC10863A41EF73F3A9E4B689673D190BA15C033091A737
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....LP..........." ..0.................. ........... ..............................{.....`.................................i...O.......X................)..............T............................................ ............... ..H............text....... ...................... ..`.rsrc...X...........................@..@.reloc..............................@..B........................H.......`Q...W..........................................................z.(....-..(....,.r...p.(2...*.*"..(....*2~.....o3...*..o4..../..*..o5...._3...o5...._3...o5...._.....*.*.0.............(6...,..*..8......o5.....(7.....E................................................................................+...+..,..._...*..+..,....(....-..*..X...o4...?l....*....0..s.........>5T..$YE....0...7...0...7...7...7...0...0...0...0...0.....:YE........................+...[....]....`..+...

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Collections.Concurrent.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):276744
                                                                                                                                                                                                                                Entropy (8bit):6.728786186995529
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:3PA2HHj4tByYOTblcFe4khyO2bIykwXLbn:3I2Hj4tBypHfhD2bIrEXn
                                                                                                                                                                                                                                MD5:B9B20837FC21F3B6C7DC96118F58A584
                                                                                                                                                                                                                                SHA1:A1E60495DA508FACB76031996ABCA51306078142
                                                                                                                                                                                                                                SHA-256:4CC75A63FED0A6388C95628EFBEA788408E4167595D8F3980BCD2BEB9B439541
                                                                                                                                                                                                                                SHA-512:720FC092603432E3640C9B4C71C969403D2BF400E1C2F7EF1F0C46D85E8A31147113C0A191A1A3180D9FE26337C3E1D0F6BA38505BC8146156A88841F8FFBECF
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....(..........." .........P.......................................................#....`...@......@............... ...................................... n...........)..............p...............................................................H............text.............................. ..`.data...h=.......@..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Collections.Immutable.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):837928
                                                                                                                                                                                                                                Entropy (8bit):6.723068549493689
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:12288:arJR+uRoPwKMeN8/98vTU4dQEE3k0T9YLVgHr4iuGvNgllggskj:m+u68abw+CMiz2llas
                                                                                                                                                                                                                                MD5:B55D4397AF5909E22B8B50E6D6E35385
                                                                                                                                                                                                                                SHA1:0335B1040CC5339FFAA7833842FDCB1424A19B30
                                                                                                                                                                                                                                SHA-256:6446E921CF1D5E9B7E9CCE08E1061206129A1D29407B59FF48CBB44ADDBC082A
                                                                                                                                                                                                                                SHA-512:5A2B196A715BD4334F8A35A61E09C5EA620B710185B18A6DC93E7496367FCA292F3492663C0AC5739BDEB3090E472543F50729C3394FF7B133AB582FCB9E8270
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...1Y............" .....@...P............................................................`...@......@............... ..........................................Hr......()..........( ..p...............................................................H............text...P0.......@.................. ..`.data...L$...P...0...P..............@....reloc........... ..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Collections.NonGeneric.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):104752
                                                                                                                                                                                                                                Entropy (8bit):5.951214543616432
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:XHs0tJVDX9LOIbwNC5IQ7XVrMZqz9AOWSUdbWKvzd8:XM0dzNOIc+IQLGZqzKOOZR8
                                                                                                                                                                                                                                MD5:D8E1F2706EDBBB0D5283E866FD6B5A68
                                                                                                                                                                                                                                SHA1:5893B4B685A2172D37DF5519AD00F02B5132DB50
                                                                                                                                                                                                                                SHA-256:891A7B6BAA99B3A98D33947E69CB35F415BF735D9515DA628D6624BD64595BBE
                                                                                                                                                                                                                                SHA-512:82F5FCA1138885BF890EA262B7B453E05C76095A7C80F66D2F90CAC91B374153A7E53B4F0C215B389BDAFF63F91DC52912382960E24C646429E12908AB2FECA5
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...c............." .....0...0...............................................p............`...@......@............... ......................................H0.......p..0)...`..........p...............................................................H............text...:+.......0.................. ..`.data........@... ...@..............@....reloc.......`.......`..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Collections.Specialized.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):104760
                                                                                                                                                                                                                                Entropy (8bit):6.023688556329198
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:/AKdRfAUP9WSJLeI620hCYCARk4YIAO8xocgO50/d0VIOXWShzpS:/AKfASpeJDPAOSocgOa/OBXhhE
                                                                                                                                                                                                                                MD5:408636AD69D82964450D11E2BC2B063E
                                                                                                                                                                                                                                SHA1:C6701A74D0993B7E8242DC45C73C47CF38A8CF1C
                                                                                                                                                                                                                                SHA-256:B2EABD2CC9923818F6D1BDFB3E9CFE02A54D6327DCC4AECCF61F895E0E02E67A
                                                                                                                                                                                                                                SHA-512:FC252CB0E6B778E410856C1D8B2E00A925C8C6A31E8622687D56D641DC54DAD004507AF4A23406448D1410CB618F7689704E0D504B55A68BA2BD6BD05E8254A5
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....<..........." .....0...0...............................................p.......y....`...@......@............... ......................................x1.......p..8)...`......@...p...............................................................H............text...1).......0.................. ..`.data........@... ...@..............@....reloc.......`.......`..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Collections.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):260400
                                                                                                                                                                                                                                Entropy (8bit):6.618537900857936
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:unxoXLUDXDiKNYX8qTKfAyryS1rIgD3lgT:mxCUDXDiQ+jTURrhFLlY
                                                                                                                                                                                                                                MD5:F79C5255B5A8113246917AE7681E4A24
                                                                                                                                                                                                                                SHA1:CC1B9BED6269BB109657A3BBEC56F54C31444B0E
                                                                                                                                                                                                                                SHA-256:5B20181EE4E188AA6B328C107FEE9506E63EFE3A4F9D2C3517EF2972B6AA1211
                                                                                                                                                                                                                                SHA-512:731AB48B1913FC9BA4F8D25EB497EF860796FFCA7364AC91D18BE2DCB243CDA6BAE0BD141CD6B8CB77C940253FE642BD44D85999003DD5701BE9242A6BDAB5BB
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....;..........." .....p...P......................................................7.....`...@......@............... ..................................t....[..8.......0)..............p...........................................................x...H............text....g.......p.................. ..`.data....>.......@..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.ComponentModel.Annotations.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):203048
                                                                                                                                                                                                                                Entropy (8bit):6.207009954800782
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:Fyzc/yxHdJdq+4dCLLe6Yfn33wmMWQArD5/oE5bF6fLUV/Yqp:omyx9env3wzWQArcUV/Yy
                                                                                                                                                                                                                                MD5:60AC5526E44A9F031F87CD84CEC7140F
                                                                                                                                                                                                                                SHA1:4DFF306D8D13C393EB5924BACF4788397FE29B03
                                                                                                                                                                                                                                SHA-256:7ABBB89A3B170A9DB8894B7B6E24A6CE99340F6938E1B78A1DE0A941B8B5BB61
                                                                                                                                                                                                                                SHA-512:18F1B98E350D32DB9269CCB8B650D9E433BC18CE5CBC69B37082E182B3793900616D60814215FE6C5B39C2811A5A9153B6D0BCFD8BB00DA499AB8CA76410CB78
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...er............" .........P............................................................`...@......@............... ......................................8I..p.......()......L....!..p...............................................................H............text............................... ..`.data...M9.......@..................@....reloc..L...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.ComponentModel.DataAnnotations.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):17176
                                                                                                                                                                                                                                Entropy (8bit):6.675054821557407
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:BjpmblJeIeGXxlkGl0Wu+XWEtX6HRN7klMR9zPyjO:BLc/Wk69zKjO
                                                                                                                                                                                                                                MD5:F8ADC8C164B2D4E9D87DCABCBDA95B44
                                                                                                                                                                                                                                SHA1:2D78A2C285FD096612530ED90BF7FBA8A2AE1392
                                                                                                                                                                                                                                SHA-256:E49B3F50FDB62357C70C944EF84DBCDE9DA86D2833882EA08AC28B1D3DA0EBBB
                                                                                                                                                                                                                                SHA-512:254E544BE19F32F0DF65627F80EF5D456B52FE38DCA7F1B498839649318CC6A60EC0B81984548BBB20A39753EC4904EC74AD057D2DE2D128CAB81E1FE5444143
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...a.g..........." ..0.................. ...@....... ..............................1.....`.....................................O....@...................)...`.......-..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B........................H.......P ...................... -......................................BSJB............v4.0.30319......l.......#~..l.......#Strings....,.......#US.0.......#GUID...@.......#Blob......................3................................+.....S...........................3.......9...O.............}.........}...........$.....A.....d.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.ComponentModel.EventBasedAsync.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):47368
                                                                                                                                                                                                                                Entropy (8bit):5.343354931264753
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:fWvPwWlrTB3PadWBj/Dqhzq1c8dgfL9ikyr46JXfCvDXxO88+aEZ4jIwVPBvAN4x:MflmYlkB9n88IVJg86FClUU9zwa
                                                                                                                                                                                                                                MD5:8118646098B1A4570BB29A5D867A1983
                                                                                                                                                                                                                                SHA1:58787C4A3E3285BA9C7E7B7574C552467FD96F6F
                                                                                                                                                                                                                                SHA-256:6C2BA61732037024199D6CB5841E41A51370399ED8E9402D20D378C4C79DCCDC
                                                                                                                                                                                                                                SHA-512:2CA167E4AA6DEC9B3C811F22DE33FF92DDA58E170EBD322DE54D1725AB6A47403DA7D595A18BE7F72DB2C28C03E620F2505992B29E32BA731E5E442AEE9DF023
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...AM............" .....`... .......................................................$....`...@......@............... ...................................................)..............p...............................................................H............text....W.......`.................. ..`.data........p.......p..............@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.ComponentModel.Primitives.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):80136
                                                                                                                                                                                                                                Entropy (8bit):5.846320393478092
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:MI5/UZMu4Thd+Cv8A/oqevD2olsmIbktDinxze:Mr4X+S85qKD2ommIiOK
                                                                                                                                                                                                                                MD5:BC478FC2764A94C56E69E9E38A51452A
                                                                                                                                                                                                                                SHA1:1C199BF6064992A5A81472B091A01F45B4442889
                                                                                                                                                                                                                                SHA-256:304635DBC025B5C3BFF78DF48C19980E9B52C632A7D3C145B61288F546293BF7
                                                                                                                                                                                                                                SHA-512:AE81A6CE5E66CDDE1B074474459DB6081C627B8B38E0F959EBCDEE02AE935BB022E66F39A4451989AA59E3EBB15CE3052CC23DDEE4C9DB5E6649D33EAEE484B6
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....N............" ......... ....................................................../l....`...@......@............... ......................................<&..X........)..........x...p...............................................................H............text............................... ..`.data...............................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.ComponentModel.TypeConverter.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):747824
                                                                                                                                                                                                                                Entropy (8bit):6.643641560609559
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:12288:8tbWtrTblAqmrIofhCXvdb+/ipZ76GaEFBiXMSuD7QLohk+xLRxw5:81WtrFlmrNfhCXvdb+/ipeEFBiEDMSk1
                                                                                                                                                                                                                                MD5:DB6BCFE78A5A8BA98D4042A2567933F2
                                                                                                                                                                                                                                SHA1:463D999211CCE7B669437DF3935BE627DCDE8E7B
                                                                                                                                                                                                                                SHA-256:CD7E2EF84253D24807DD61EF644F5AD8042656340DD02830E3F22E6A7EAB8D06
                                                                                                                                                                                                                                SHA-512:FD099BFB3C1328602458C6F2C4F7C9FD470CBB0ED78CEADBE70F92E4860701AF956504A4C18443DCCBA63A819D764F1FD3CD3E82A21214FC5189EE2BD0D1C8A5
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....s..........." .....P...................................................@.......&....`...@......@............... ......................................p....X...@..0)...0......x<..p...............................................................H............text...L@.......P.................. ..`.data........`.......`..............@....reloc.......0.......0..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.ComponentModel.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):30984
                                                                                                                                                                                                                                Entropy (8bit):4.326509735182786
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:+W4I1Wzqib+d0PMpYA6VFHRN7UYJ2R9zU3:XF5FClhK9z6
                                                                                                                                                                                                                                MD5:040F8D89AA869EBAE8DD21141ED326B0
                                                                                                                                                                                                                                SHA1:DD4B5B58DFE497F76F61891B8E62695310262896
                                                                                                                                                                                                                                SHA-256:0BF9E3E6C8327B7DB4372F27507A71BF0EF06B22F042BBACF4A860F0922BE1FE
                                                                                                                                                                                                                                SHA-512:6AD73EBE3CB5FE756D5BBACDF6BA09D490D619A1067DC2B6945871F6B7EE5C8901C45B491A26B23E74B8911F396F61EA9A88DE4B2F6BACD1CBF9E20496EF527A
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....X............" ..... ... ...............................................P......)+....`...@......@............... ..........................................0....P...)...@......8...p...............................................................H............text...1........ .................. ..`.data........0.......0..............@....reloc.......@.......@..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Configuration.ConfigurationManager.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):375912
                                                                                                                                                                                                                                Entropy (8bit):5.984458134179533
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:b28/xHM7l2JzUcq0RmVyiyYWu5nhezpmQiKyTgQ+2/NVQ8GLa0Uh55T3lEC/IOPv:b2ORklOELVIuJhel3Q+2/NVQ8GLa0UhB
                                                                                                                                                                                                                                MD5:70E81BFC1DCCE3AA3AB30C3ABAF3EA53
                                                                                                                                                                                                                                SHA1:2132451E6DC8B1C18568181DDB5D697A491EF7FA
                                                                                                                                                                                                                                SHA-256:4668F89524FCB4D71950E0AD7E0D56E5E5DB2C70E395AD49F7DB6A8164CC50D6
                                                                                                                                                                                                                                SHA-512:37B143C9FF3D06D87B07BD2118A22B48F7DA590E5AE0C03D40A9B9BBBE45A184F091A23FB6CB7CF0FF8BA68E06815078D8E0738CAA4529666E2C98C6F7F057A0
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....@..........." ..0.................. ........... ....................................`.................................0...O.......4...............h$.......... ...T............................................ ............... ..H............text... .... ...................... ..`.rsrc...4...........................@..@.reloc..............................@..B................d.......H......../..T................{............................................((...*..((...*..*..0..1.......(....,..%-.&.*..(.....o)......&...,...o*...,..*.*....................(....,.r...p......%...%...(+...*..(,...*.(....,.r...p......%...%...%...(+...*...(-...*.(....,!r...p......%...%...%...%...(+...*....(....*..,&(....,..r...pr...p.(+...(/...*..(0...*.*.(....,.r...p......%...%...(+...*...(1...*.(....,.r...p......%...%...%...(+...*....(2...*.(....,"r...p......%...%...%...%....(

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Configuration.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):19760
                                                                                                                                                                                                                                Entropy (8bit):6.50388265626174
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:TMXTSv/fUNRvGZYdf3zyP/weP+YHTWvANWxRX6HRN7h9bt5R9zExRK:qQPVKWjx9zsK
                                                                                                                                                                                                                                MD5:96C347B57AAA9AB1CFA8365585E9C9A1
                                                                                                                                                                                                                                SHA1:17B2B2F1019CC93ED1AEF0BE445CB1053C01341B
                                                                                                                                                                                                                                SHA-256:19C65DDFD1C484306C928BB8AE838215F7A689E757326791E50FD3C488CD1284
                                                                                                                                                                                                                                SHA-512:EC1DC25698B055F2C72A435F7C62B93635959A09C142D8908C2B03CEDF45B2E138A27DD227F4CAFA701897B8A305071346056DFE9017A1E0229C6A640B36660A
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...=#............" ..0.............v8... ...@....... ....................................`.................................!8..O....@...............$..0)...`......87..T............................................ ............... ..H............text...|.... ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B................U8......H.......P ..h....................6......................................BSJB............v4.0.30319......l...h...#~..........#Strings............#US.........#GUID...........#Blob......................3................................h.................2...%.2.........R.......b.....U.....U.....,.....U.....U.....U.....U...3.U.....U.....U.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.C...+.Y...3.o...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Console.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):174376
                                                                                                                                                                                                                                Entropy (8bit):6.280397830530098
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:zqPlmXCzdfd6+Vfz5mDVV9evshARZvgL4OUgZjZXR1BB1GlKi7:uPoXifd6qwV9eEh2ZvgmQ9bB2KG
                                                                                                                                                                                                                                MD5:E58A5726978B1DFD94B6B4CB38102340
                                                                                                                                                                                                                                SHA1:D1A561662830FD01351341CA862BB93191095338
                                                                                                                                                                                                                                SHA-256:8469DEB8C7D532E8857F5C68DEB291035103DEE3698BF5005F4E08C5BD05775A
                                                                                                                                                                                                                                SHA-512:2D7B698720D7AB2E8535A68AFA3ABA41D39A888D05E59454CB7E35EE04E9E3CAEF52EA9BE46BCD8E28C7EF4E4098F168D7D0580347A9F980893198995301A388
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d..._.>..........." .....0...@......................................................c.....`...@......@............... ..................................T....<..........()...p......`...p...........................................................X...H............text...}!.......0.................. ..`.data...."...@...0...@..............@....reloc.......p.......p..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Core.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):23848
                                                                                                                                                                                                                                Entropy (8bit):6.307580885714362
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:/S9H4Ay0l9Jr3OzFPhoact/iKMePLexkrW1rU1ZXt5zElfWXJ2WoYA6VFHRN7kxJ:K9H4Ay0l9Jr34FPhoact/iKMePLAxivR
                                                                                                                                                                                                                                MD5:85A20E6FF4565669D120A52C00B12775
                                                                                                                                                                                                                                SHA1:4C648D4161C9FD6C7FAABCDE1ED7F45A68E98A50
                                                                                                                                                                                                                                SHA-256:CC23F980E20FCED097A234AEB379D9C9C1F5235B93126709199815E96D8F2217
                                                                                                                                                                                                                                SHA-512:96DCADABD7A73584BB58459404ECD011F088AFE6BF92E413BBE69F9EC329B651415405838100513358DBF09A3EDEC23792A6C54C9BDDFDBE74870BCF74421180
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..*...........H... ...`....... ....................................`.................................wH..O....`..8............4..()...........G..T............................................ ............... ..H............text....(... ...*.................. ..`.rsrc...8....`.......,..............@..@.reloc...............2..............@..B.................H......H.......P ...&.................. G......................................BSJB............v4.0.30319......l...<...#~..........#Strings.....$......#US..$......#GUID....$......#Blob......................3......................................................i.......G...........................:.n...J.t.....t...P.................C.....`...............................................).....1.....9.....A.....Q... .Y.....a.....i.....q.....y.....................I.....R.....q...#.z...+.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Data.Common.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):2861368
                                                                                                                                                                                                                                Entropy (8bit):6.795825527603884
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:49152:9flMLj5HODx+ncGZUG3k+mywJOHPxIyiNgnssolXWMW03Rz7F5hBh0TX1G:lOCOZIunssolXWMW03Rz7+Tw
                                                                                                                                                                                                                                MD5:38154C0B1654E7B38878A8D20A804979
                                                                                                                                                                                                                                SHA1:EAE6B02D412B61A64E9FE87B62B77B0A940CC899
                                                                                                                                                                                                                                SHA-256:85614A082FDB244379E34EDEA86AE8B7DAA71EFB61E52868675E5DA7685FB72F
                                                                                                                                                                                                                                SHA-512:1E487C6AF8DEF70C168B86843113BE3B0DF15CD978C68FBDC65A0F371276428731241EF315C192E85BE27234CFA6EB1072E48778C36B8845C8DA86E9614CAA73
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...h.w..........." .....@)..0................................................+.......,...`...@......@............... ..................................t.............+.8)...P+..-......p...........................................................x...H............text....8)......@)................. ..`.data........P)......P).............@....reloc...-...P+..0...P+.............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Data.DataSetExtensions.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16184
                                                                                                                                                                                                                                Entropy (8bit):6.666464376103628
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:gmoHF/wAisWaS7W5hWxNzx95jmHnhWgN7a0WO8flXefqg7i1X01k9z3Axpzu8:HoVWaS7W5KX6HRN7QYR7i1R9zORu8
                                                                                                                                                                                                                                MD5:9783A0CCD5A64883445821E1F071076F
                                                                                                                                                                                                                                SHA1:C710BFBB818BF9F27F123F07E90DE7DC98C9F6D8
                                                                                                                                                                                                                                SHA-256:55E5BD120160DDD157A2F11C8D8F9AD99972BAF1FA78C37647B0A34F268AC0DC
                                                                                                                                                                                                                                SHA-512:23052276DD8F811D240A277FE3C7C77743FAEADC54548E4EE712D5AC4DB7921988406E66B9CEA24A0AF1D73A4D31AFA14E2ED81E87C1F874EFC36C7DF4FDE785
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....[@..........." ..0..............*... ...@....... ....................................`..................................)..O....@..................8)...`.......(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P ......................8(......................................BSJB............v4.0.30319......l...0...#~......@...#Strings............#US.........#GUID...........#Blob......................3................................................E.............|...............i.)...'.).....".....)...~.).....).....).....)...e.).....).....E...........v.....v.....v...).v...1.v...9.v...A.v...I.v...Q.v...Y.v...a.v...i.v...q.v...y.v.......:.....C.....b...#.k...+.....+.....3.....;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Data.SQLite.EF6.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):206520
                                                                                                                                                                                                                                Entropy (8bit):6.121139897829129
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:olRykDX+8KI7qTvPAIdF5/UO6KP8cyRL0LB:o/yf84DXn6KP8cz
                                                                                                                                                                                                                                MD5:0F3EE51C596E7557ED49BDDD1E57F7C9
                                                                                                                                                                                                                                SHA1:6B9E56A3F1A4847D1756F7F352EBD695D375BE27
                                                                                                                                                                                                                                SHA-256:4F7CB99BED4C0C2E0E221A9487C7697F8C882E7288FFB993908E592FFF5446D5
                                                                                                                                                                                                                                SHA-512:520BCCE956E752EEF6EF6FDEA1685D4F3A311BAB1BBE9B4DB20EE5F199EA76444D538C6588AE4250ADC2A9E14B1073699C4B41940E6554BE0BEFA04835CEC63C
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....O.f.........." ..0.................. ........... .......................@......Z.....`.....................................O........................T... ......4...8............................................ ............... ..H............text...(.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......................DW..p............................................0..,.......~....s .......o!......r...psn.....r...po"...&.o#...o$....o%....o&...&...r/..po"...&.o'...o(....+A.o)...t.....,...+..r9..po"...&%o*....o%....r?..po"...&o+....o%....o....-....,..o......,*.........or........o,...o"...&.rG..po"...&.o&...&.rQ..po"...&.o-....o%....r_..po....&....o!....(......oo...Q.o/...*......_.M........0..n.......~....s ...%..rc..psn....%r...po"...&.o#...o$....o%...%o&...&%rQ..po"

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Data.SQLite.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):446136
                                                                                                                                                                                                                                Entropy (8bit):6.166664458043378
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:12288:x87lv7mxYhdYzX8/4uqBIbQGEZnFNFfcaFeFOFwcGF6cmFWc0FWc8cIcKcUFJFpA:efhdYzX8/dbMXA
                                                                                                                                                                                                                                MD5:2CD89BD306B2E852F70CBF49C2DD1C92
                                                                                                                                                                                                                                SHA1:8D37E741238CF895E59DD73911F6D6883F9A469E
                                                                                                                                                                                                                                SHA-256:FA3D7678272B10DFA0BE3D959F0AEA38A58B75CAF1BBA06D6781218CED489620
                                                                                                                                                                                                                                SHA-512:CED25645B62D531E5E6CD629BE8DF0BD7859FF2FB52E80C67836A5C50DB011F4EEA017B34EB5005C64CB0E792ED11B716778D1C24D756508F555E42EB758C11F
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....O.f.........." ..0..p............... ........... ....................................`.................................7...O.......p............z...T..............8............................................ ............... ..H............text....o... ...p.................. ..`.rsrc...p............r..............@..@.reloc...............x..............@..B................k.......H........n...x..................<.......................................:.(9.....}....*..{....*:.(9.....}....*..{....*...0..........(:.....-..*.o;...*...0..T.......~&.........(<....)...(=...-.~'...(>....(?...s@....)....)...(A.......,..(B....&...*.*........;C..........MM.......~,...._...*.0..(.......~&.........(<....+............,..(B....*.................0..........~&.........(<....+...(=...,.........,..(B.....9....(C...r...p......%.(..........(....(D...(E...&.8.(C...r...p...

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Data.SqlClient.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):1023360
                                                                                                                                                                                                                                Entropy (8bit):6.148689002721556
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:12288:9SqIAB+KyECe4rnKwJyjyIcAL07LgUulGC9337lTQaf60FhFoFmF8cjcsc4FEFbZ:9SqIAB+KyECe4bNyjyIcALCgUud7lT
                                                                                                                                                                                                                                MD5:0AEBC8E926BD1F1269E5A053B6B541DD
                                                                                                                                                                                                                                SHA1:B40671A4D2973A1E4D71DC674308B8883EBE58F9
                                                                                                                                                                                                                                SHA-256:5F79C075D83904AC64510C3DC77E45980EA38B82204E39C3913531BFFF78585B
                                                                                                                                                                                                                                SHA-512:AB5D8F401F86C911DE64D8083E507C63012D9CED7AF32FD28414104E4C2E89305FBE09C49EBE9F1B2AE45FE1F45C9179BCFA4A2324D8DA1201769FAEB11F1A45
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@)............" ..0..p...........{... ........... ..............................,.....`.................................1{..O....................z...#..........<z..T............................................ ............... ..H............text....n... ...p.................. ..`.rsrc................r..............@..@.reloc...............x..............@..B................e{......H.......@...$...........d"..XW...y........................................{E...*..{F...*..{G...*..{H...*..(I.....}E.....}F.....}G......}H...*....0..k........u......,_(J....{E....{E...oK...,G(L....{F....{F...oM...,/(N....{G....{G...oO...,.(P....{H....{H...oQ...*.*..0..b....... .e.V )UU.Z(J....{E...oR...X )UU.Z(L....{F...oS...X )UU.Z(N....{G...oT...X )UU.Z(P....{H...oU...X*...0...........r...p......%..{E....................-.q.............-.&.+.......oV....%..{F................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Data.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):25384
                                                                                                                                                                                                                                Entropy (8bit):6.290197216885165
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:DWAAaFiTCmM82SuxDJQqMWioFWNwYA6VFHRN7IYMTR9zUQ5:CpaFiTCm0DJQsywFClVg9zR5
                                                                                                                                                                                                                                MD5:7AA4CC0823A68484980CCB05380826C4
                                                                                                                                                                                                                                SHA1:7A74462318DDB1B472CA7DD9BB30B05AF2C38CB4
                                                                                                                                                                                                                                SHA-256:04C204B1FC3B287A1C236AE14A6B397FB32BAB493FCEA64EBA78C8BB234FA37B
                                                                                                                                                                                                                                SHA-512:D7A58F21889D0CBE1AF6BDF1F009D00EA66B79512F05613EE429964CE6C789FACA1B5CEF6DDFB463D607C498A7BE671601DDC18474124E2A184049222F543C9A
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....w,..........." ..0..0...........O... ...`....... ...............................q....`..................................O..O....`..8............:..()...........N..T............................................ ............... ..H............text..../... ...0.................. ..`.rsrc...8....`.......2..............@..@.reloc...............8..............@..B.................O......H.......P ...-..................LN......................................BSJB............v4.0.30319......l...T...#~...... ...#Strings.....+......#US..+......#GUID....+......#Blob......................3................................<.....H.........~.......................).r.........;.................Y.......................B....._...................#...........................).....1.....9.....A.....Q... .Y.....a.....i.....q.....y.....................R.....[.....z...#.....+.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.Contracts.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16664
                                                                                                                                                                                                                                Entropy (8bit):6.674104191430389
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:meVamI4NZKxZ88W6Z2WIW1AWxNzx95jmHnhWgN7acWnFx6RMySX01k9z3AcyFaZr:DVae+y8W6Z2WVRX6HRN7SuMR9zPyoa0
                                                                                                                                                                                                                                MD5:53A5965A6A8EA3D8EC5FA56EB53A88A4
                                                                                                                                                                                                                                SHA1:669AF6E47FFE94CC600E21A4EB052C05F65BFF01
                                                                                                                                                                                                                                SHA-256:F8179EF7837F7BF555720B9FA8C49243365794C28D2F7381E612BFC548681DF7
                                                                                                                                                                                                                                SHA-512:BBA0CE25676F1B97E4442EEF0FF0410E67DAA780AD18FFBEB61462ECB6846AA82C3AD5806656A4048111807096BF359951E2D628EF77D5923ABCEE57FC855156
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."!..0..............+... ........@.. ....................................`..................................+..N....@...................)...`.......*..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H........ ......................P ......................................=......mO9Y.F.&w.(6....?.8.EG..;.J..B.j-........<Z>R._......d|Y...!.tv.k.|;mV..b.^2.<...p........4.......2.\x?.LJ]f.l.&?....BSJB............v4.0.30319......`.......#~......H...#Strings....4.......#GUID...D.......#Blob......................3......................................Z.........9.........................,...5.............{.........F.............................#.....p.........................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.Debug.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16176
                                                                                                                                                                                                                                Entropy (8bit):6.74420130921519
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:jXfMxA3wKbW25mWHWWxNzx95jmHnhWgN7aIWN4uvpGX01k9z3Af/8ROnkxh:jCIW25mWHdX6HRN7yxpGR9zqCOSh
                                                                                                                                                                                                                                MD5:200A2EF8039A866C29F6646C08C916A0
                                                                                                                                                                                                                                SHA1:D9AFB3DCF376FDF153D5B0F1AE6167660DFB1FEB
                                                                                                                                                                                                                                SHA-256:F587E4D5F4347D8851FE63FD165FF3AF6F0A0D7EDB22DC9EC13878CC5342AB2B
                                                                                                                                                                                                                                SHA-512:51BEB0733A184397ED605D483D0EF47F7A6B6DA05666DB5175CBDB8CDEFB90E4D6BFDB0C59E118796E9851108D590F2EADF3CF07944424C05276BD9F8A64E25C
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....+............" ..0..............*... ...@....... ..............................+.....`..................................*..O....@..................0)...`.......)..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H.......P ......................$)......................................BSJB............v4.0.30319......l...H...#~..........#Strings....<.......#US.@.......#GUID...P.......#Blob......................3..................................................W...R.W...g.D...w...........0.....w.......................>...........................................>.....>.....>...).>...1.>...9.>...A.>...I.>...Q.>...Y.>...a.>...i.>...q.>...y.>.......................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.DiagnosticSource.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):416056
                                                                                                                                                                                                                                Entropy (8bit):6.650016678777876
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:bsuTEcoc/FGNasNt2l4ru2jKw6xtQ7/tvjETqCZ03EdZbj4MKpW:QuTf/FGcsNtM4q2jStgjTy4MD
                                                                                                                                                                                                                                MD5:ADD4BC84418AEC1011BB4AD7EDF12B00
                                                                                                                                                                                                                                SHA1:A1D54AA744C20733AAAD9CA4F219B05FA8245981
                                                                                                                                                                                                                                SHA-256:9444173233A16F1C5508DDBCA2DC674DCFCFF91DAE321CBC8AC3A01527A6688B
                                                                                                                                                                                                                                SHA-512:5A0FC3CF99BE67F49870DA7E487BA880F3624A441548EE76557C355FAC369831DFAB833C8718C986F89B4A77AA7065C9CEEFC95A40794AE1818FBFBC967FA807
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .........................................................0......S/....`...@......@............... ...........................................)...0..8)... ...... )..p...............................................................H............text............................... ..`.data...............................@....reloc....... ....... ..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.FileVersionInfo.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):47384
                                                                                                                                                                                                                                Entropy (8bit):5.386361519950313
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:7ky9wsP/QEBuk3bqUghj9zk6KPivxbzY17tFAX+0foWIl9zApn:7ky9wsP/QEBuk3bqUghjVXKPipb017tc
                                                                                                                                                                                                                                MD5:CC68F9E56A287662C705302068EF4994
                                                                                                                                                                                                                                SHA1:DB038C3BC9434359367D4AA7801C605D2D61CFCF
                                                                                                                                                                                                                                SHA-256:AB5638A08516771F08F7CCA49D9C43FB90E5937CB1D6F03C307A5EBFAAAB5BD4
                                                                                                                                                                                                                                SHA-512:1609A29259407CD37627B9786897206FCC229DF4955317CD60AC71A9AF175BE866AF456B08C76401CE2083D67E837E37D5AF7B24F61ABB392D2DE44CB71CED23
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....^..........." .....`... ......................................................S3....`...@......@............... ...................................................)......H...h...p...............................................................H............text....X.......`.................. ..`.data........p.......p..............@....reloc..H...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.Process.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):338216
                                                                                                                                                                                                                                Entropy (8bit):6.547091859291254
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:PZkDfqaP75HL9eEIdanhOe9jb3b41PlmFFVZTdiX2JD:P2DfqweDdSo8D
                                                                                                                                                                                                                                MD5:634FEF75870C6C036FB4132A4E4D5B63
                                                                                                                                                                                                                                SHA1:9020E99507A27D3009B5914F0E73C91F39C1AA1E
                                                                                                                                                                                                                                SHA-256:7BBCA593ED7F5B8F8650ECD5E597190D7D55BC4B1B9D8A992C7A1F887E65DCC2
                                                                                                                                                                                                                                SHA-512:03B92B87E25344F425AB05475845B14BD8B320E8C09E5B55D94F8FD284097F5226A99720988DDCAE025B92C60847F04AD60D74C0E4E90BAD380EB0A5390251DC
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .........p............................................................`...@......@............... .......................................w..."......()...........%..p...............................................................H............text...+s.......................... ..`.data....S.......`..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.StackTrace.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):47416
                                                                                                                                                                                                                                Entropy (8bit):5.395594314778358
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:dc6qXYiTR+DUnWzE8vk6Y4mPFWg0WhQ9zK6:d0XYiTYDUnW/c/4mAg0WmzK6
                                                                                                                                                                                                                                MD5:48E2A256B5D7FC2BB74B5046AF715072
                                                                                                                                                                                                                                SHA1:EC1854323EDB9C462A2A967C1C06759C3261CCFD
                                                                                                                                                                                                                                SHA-256:2911FCAD2139490432F3FA96FFB3A50A90E06F84C60E45DF60E6DEB4126B16B9
                                                                                                                                                                                                                                SHA-512:2D0196C98EAA40759ACCD38C5410F482CFBFC83B79CDC629E0297A3B590B1FDD3FB77299F38A1F1414DBBB71475C6CEF744BB2FD7D695E9D3177BF7817F80C68
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....Y............" .....`... ............................................................`...@......@............... ..........................................8.......8)..............p...............................................................H............text....V.......`.................. ..`.data........p.......p..............@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.TextWriterTraceListener.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):67896
                                                                                                                                                                                                                                Entropy (8bit):6.071077935827304
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:CFtHMfPA85VU9QbAoqxfxGSC0e+LRnugRxFjyGw3/slSdoF31s7YiNL2OSkkkUPM:2GQ4EoLmpzFYU4WCzj9
                                                                                                                                                                                                                                MD5:7AEC30A9E458C5C0025FBFA3A940B791
                                                                                                                                                                                                                                SHA1:E7AED5DDD43AC6D7EF1D474229EDC9FEDFBF1DF6
                                                                                                                                                                                                                                SHA-256:1A1CB8D5807BF6EF60EE749AF2A7D485A581FC7C03CED44E947E08699566B2AD
                                                                                                                                                                                                                                SHA-512:0D18CA8444DF6C74CCFD74344B59F6B965783592AA4E674478ADDD5ABACF0518C4C0060BB07E7471BF550A909F50E8DC6B6C779922E58EB870FBCF2E0F298757
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...B............." ......... ......................................................O.....`...@......@............... ..................................4...<(..........8)......0.......p...........................................................8...H............text............................... ..`.data...............................@....reloc..0...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.Tools.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15664
                                                                                                                                                                                                                                Entropy (8bit):6.8080160066573665
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:PAmShxA/HmWQzUWUdWxNzx95jmHnhWgN7aIW5Y3YHnsTX01k9z3A1GUST:PlexWQzUWUeX6HRN7GgYMTR9zUDST
                                                                                                                                                                                                                                MD5:6D8E075425E16A234FC8F5463C11BEB0
                                                                                                                                                                                                                                SHA1:97D419FD390DFBF214FB7CFCA029A3458554F55E
                                                                                                                                                                                                                                SHA-256:383907734CD3DD76969A359423AEF226CA131AD085FEFDE4943F9B6BB9B28102
                                                                                                                                                                                                                                SHA-512:45B57EC21B8E618E83E0B0B790A6C5964054D50C3DB8D88A7B564201BD693746C555A0203C50F7DEBB6888222A0BE8307598C6451AA1FDF254E48D1CF5A1A795
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............)... ...@....... ....................................`.................................Q)..O....@..................0)...`......`(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................'......................................BSJB............v4.0.30319......l.......#~..(.......#Strings............#US.........#GUID...........#Blob......................3................................................F.h.....h.....U.................%...(.%...........%.....%.....%.....%.....%...f.%.....%.................O.....O.....O...).O...1.O...9.O...A.O...I.O...Q.O...Y.O...a.O...i.O...q.O...y.O.......................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.TraceSource.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):145712
                                                                                                                                                                                                                                Entropy (8bit):6.215648320789539
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:gHiUYBgRTeY0dpwQn60x7cftbgZ7eInKT5DFN3+M9:tBgcY6aQn60x7cftbgUHl7z9
                                                                                                                                                                                                                                MD5:E65ABBCA33F2ACA899D9F5106D6C4CE6
                                                                                                                                                                                                                                SHA1:27E9980354458C7EE097F752874C1F6D95EA66A9
                                                                                                                                                                                                                                SHA-256:CC685536EB2061DD6CAF225E353334AA9179AFAEEC105836CBE3B84B88E3BF1A
                                                                                                                                                                                                                                SHA-512:C7614E260036828F863764FE41920DCB46055928DD5274628C317C3997C95161D131A02358ADC1B7E3E25928AC24434FCFCF49DE5A6DDE5C5A3FB2B947265F95
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...-Z............" .........0......................................................J.....`...@......@............... .......................................B..........0)......|.......p...............................................................H............text...g........................... ..`.data............ ..................@....reloc..|...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Diagnostics.Tracing.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16680
                                                                                                                                                                                                                                Entropy (8bit):6.732264017448511
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:QJ+yQNWbKDWdQYA6VFHRN7XblAcGkELRPR9zjOZP:7DVFClruyQ9zKl
                                                                                                                                                                                                                                MD5:3DE56E93F4E1D8D189EEB58D935D39B6
                                                                                                                                                                                                                                SHA1:1534FDD929DF529AB29EA4DBD1E9E9D3EC51C949
                                                                                                                                                                                                                                SHA-256:07990D092B8200A012C83B871324F18AC8C42D335EDFD570A1D6A695D55E43E7
                                                                                                                                                                                                                                SHA-512:893F5F8D72AB2F0C48E33C7A38864380571D57E162A371B2B4E4ED879CFC37F220117860C7DA324EC5BF57F683B70A78D3BCDE010ED67A7AAAB553D5C9AC4C6A
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...#X9..........."!..0.............n-... ........@.. ...............................G....`..................................-..V....@..................()...`.......,..T............................................ ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................P-......H........ ..L...................P ......................................../e5.)5a..7.......C....V...D1.<t..I.@.......@K..T.H...._.F|..;9.j..TIKLL.tV...=.R?....../{..X....J?....i.M.d..]....w.(.I^BSJB............v4.0.30319......`...x...#~..........#Strings............#GUID...........#Blob......................3................................ .....................O.......................c....._...........}...........6...........B...........................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Drawing.Common.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):414280
                                                                                                                                                                                                                                Entropy (8bit):5.92089676794765
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:xCBivlueKi3O567Rf25THDAbPvFsPdBXP2hpqW0/nx0q:xCaKi1HF4BfNx
                                                                                                                                                                                                                                MD5:DDD24ED9FE3B256AB955554893D832C6
                                                                                                                                                                                                                                SHA1:DDF4603FC7AB70F5E49C3CC7F7C691977EF82DD0
                                                                                                                                                                                                                                SHA-256:DF409DE7822EBE4871AADEF1F8E4A553406395C8D692704037781777BA650300
                                                                                                                                                                                                                                SHA-512:F1497BB0CB39A325923BD13314A8C8125B06978BD2D6BDB7387F4E838D27AD0E735461C8BC2584E421E9C9E8DA2AAEDC6757CAD6F6678EC5BCED41A81E8D0E34
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..$..........:C... ...`....... ....................................`..................................B..O....`..................H$...........A..T............................................ ............... ..H............text....#... ...$.................. ..`.rsrc........`.......&..............@..@.reloc...............,..............@..B.................C......H.......8...................h...pA......................................"..(0...*2.{1...(@...*Br...p.....(....*Bre..p.....(....*Z.J./..*.J.1..*..(....*..0.............(2.....-..(.....r...p..(2...&.-...-..+..T.*F.r!..p(3...,..*.*..*..0..1.......(....,..%-.&.*..(.....o4......&...,...o5...,..*.*............... ....(....,.r...p......%...%...(6...*..(7...*.(....,.r...p......%...%...%...(6...*...(8...*.(....,!r...p......%...%...%...%...(6...*....(9...*..,&(....,..r...pr...p.(6...(:

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Drawing.Primitives.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):133424
                                                                                                                                                                                                                                Entropy (8bit):6.077871799095023
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:DN8FFc4yeP4SyuvmH00N6no5WvCIp4oRcreUiY:eFFEimpjHo4eA
                                                                                                                                                                                                                                MD5:9436B672EF85B0060E417B93E6F4CD05
                                                                                                                                                                                                                                SHA1:589C7567B4B9FBCFC69048DF509A8F401F31B49E
                                                                                                                                                                                                                                SHA-256:FA7D94825EC7ADEF2171952CE5A176B74CF97CB3C7A792A83A0CC03EB4A3B071
                                                                                                                                                                                                                                SHA-512:A322D1D8D45CF3E5DEA7288BA1C192D5792D0C409A6F0140846A302AF5C33BC4AFC0D11DEC81384B7CCFF8F9B66BFF1F1C20B6A357B3D6AA95A91B1A06BD3E50
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....|............" .........0.......................................................'....`...@......@............... .......................................-..........0)......<...H...p...............................................................H............text............................... ..`.data............ ..................@....reloc..<...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Drawing.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):20776
                                                                                                                                                                                                                                Entropy (8bit):6.428726027972037
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:v8iP7uC8MYITetNPBw7vaWxAtWdYA6VFHRN7DkELRPR9zjOmxk:vRMPD8FClQQ9zKl
                                                                                                                                                                                                                                MD5:72E86E777EB37C25309D9CA02FB173D2
                                                                                                                                                                                                                                SHA1:958DBEA0B0EC16624B24F05A13633642D929A3C0
                                                                                                                                                                                                                                SHA-256:4EF5CE2DAFC66D495B9D075EB30AA5DC5C32A84FBFB2903E57E514A7BB4ACC96
                                                                                                                                                                                                                                SHA-512:E15CA60C6D30BF4A661B51D7034E055224A89B108CEBA7FEF13C9246391E46DC05D35E6F46AD6FB0D115CAE7DE6371F6CCAA71695D56A84C9FB9DEFEFC8FAA36
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............b=... ...@....... ....................................`..................................=..O....@..X............(..()...`......0<..T............................................ ............... ..H............text...h.... ...................... ..`.rsrc...X....@....... ..............@..@.reloc.......`.......&..............@..B................A=......H.......P ..`....................;......................................BSJB............v4.0.30319......l...\...#~..........#Strings............#US.........#GUID...........#Blob......................3................................................s.#...C.#...~.....C...........d.`...U.`.........*.`.....`...!.`.....`.....`.....`.....`.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.C...+.Y...3.o...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Dynamic.Runtime.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16680
                                                                                                                                                                                                                                Entropy (8bit):6.6920378205912305
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:8YwoCMWs1CWSYA6VFHRN7xo0yzxIPaR9zEs4M:8ToF+FCl+0yzxOW9zFh
                                                                                                                                                                                                                                MD5:61F1E563B3D2F94B3392CD568254FCE8
                                                                                                                                                                                                                                SHA1:E5F006FBC73D470081D92C2DFD47C13382D78438
                                                                                                                                                                                                                                SHA-256:9E24A4F9235027AB72D2480FA54EB291AC46E86354F240426CD8FA0FDB2BF197
                                                                                                                                                                                                                                SHA-512:4CFA20B326B7729D1483CB1AEBBD261A4B6FCC46948C91C4EC844D34038ECBF94C84AD6959AE499AD8C7F05D72C2CF1A19A1C09BC5D25B1B98A81A51B8712357
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...z.,..........." ..0..............,... ...@....... ..............................L.....`.................................e,..O....@..................()...`......x+..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................,......H.......P .......................*......................................BSJB............v4.0.30319......l...<...#~......h...#Strings............#US.........#GUID...$.......#Blob......................3......................................&.........W.............................j.Z...9.Z.....A.....Z.....Z.....Z.....Z.....Z...w.Z.....Z.....#...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Formats.Asn1.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):244000
                                                                                                                                                                                                                                Entropy (8bit):6.507233565279823
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:IgsUsdJHsqVpPq+Pu1Nr7tXAjsEpN0Qif+H7zgiuG4krZAuZAt0/+9MyQ4UjIPKx:zTs/Hsq7Pq+67qjhp+QifaCtz9VTKp
                                                                                                                                                                                                                                MD5:CDF076CA69511E705F6F5B753098F9AF
                                                                                                                                                                                                                                SHA1:90D319A2C2206528DDC216C4B7A55F3011EBBAF8
                                                                                                                                                                                                                                SHA-256:689C8742BA53CD02774B1E7A94C9C9F15767C4BF4FCBCE2B801B916329BAB51A
                                                                                                                                                                                                                                SHA-512:1ADABCFBB98CAE2AEF81ECC4C7E3E423E02955691FF0B6FA0733EC764CD94DEA6CA9A3F2797D60760E28FE053F7797F77F3DC8B854A627836C020B569B05E13D
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...,............." .....@...@......................................................h.....`...@......@............... .......................................P.......... )......h.... ..p...............................................................H............text....=.......@.................. ..`.data....*...P...0...P..............@....reloc..h...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Formats.Tar.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):272664
                                                                                                                                                                                                                                Entropy (8bit):6.5102889309866585
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:OhWQ+7dHwUJgHKaDh3ZQDQKEtS5SQTc3XPOsu1t4jnX4Sly4cv8zq/xv642ucUpX:Y5+7NIHCEJ9ly4DW/2NfpgzAmR
                                                                                                                                                                                                                                MD5:41A6F214168ABD16EB912C85ACC09E6E
                                                                                                                                                                                                                                SHA1:29441BB9FA6E8B7A3F058FD511490025C920246B
                                                                                                                                                                                                                                SHA-256:4AAA042DA8CCF199E8131429FBE28B71A8547B3CB8ED20D3B6962BA6D45770F5
                                                                                                                                                                                                                                SHA-512:B977AC9C155CEE618739A115A495EB92EF270A5B0DCA1DAAE4C78B836BE3A7D3EC06B030180AED0AD116C4DA6A98AE7185D919FE141A667AF6FEEADA0C72030C
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....!............" .........p......................................................Q.....`...@......@............... ..................................t....f...........)......L....%..p...........................................................x...H............text....|.......................... ..`.data....V.......`..................@....reloc..L...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Globalization.Calendars.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16168
                                                                                                                                                                                                                                Entropy (8bit):6.766379214654712
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:c0sRqXWDRq4oRqm0Rq7WSYA6VFHRN7XgJ8KER9zly1O:9mqKq5qmuqFFClwJ8R9z01O
                                                                                                                                                                                                                                MD5:D21C365011A6420D58FE6EBB86C5784E
                                                                                                                                                                                                                                SHA1:7EEA87877D56968A80A940C5FDD72E7416CB666D
                                                                                                                                                                                                                                SHA-256:C016FF9595BF28A1D507A8058BE786FD0EEA635569EAE5E27D8F7B0B8D2DE0F2
                                                                                                                                                                                                                                SHA-512:FE74960971E974771D86195B317A5096412868654F151CA2BB1FF4E058EC8315AA19613C2423597A6C02F88BFFA4E6C05360C1143FE09306955DA48DEF5C9477
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...c............." ..0.............>+... ...@....... ..............................H.....`..................................*..O....@..................()...`.......)..T............................................ ............... ..H............text...D.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H.......P ......................l)......................................BSJB............v4.0.30319......l...p...#~..........#Strings....|.......#US.........#GUID...........#Blob......................3..................................................;...x.;...3.(...[.....^.................I....._.................w.................G..................."....."....."...)."...1."...9."...A."...I."...Q."...Y."...a."...i."...q."...y.".......................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Globalization.Extensions.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15656
                                                                                                                                                                                                                                Entropy (8bit):6.821063767728242
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:2gKxRPWYRg7Rp0RjWCXYA6VFHRN7HoJR9zgwmL:2gKnN+putXFClA9zA
                                                                                                                                                                                                                                MD5:0DEE67964FCB385F9FA8B7C3828ABCDD
                                                                                                                                                                                                                                SHA1:831A65D098049E4260A24B7C6AF40B1F97E4D598
                                                                                                                                                                                                                                SHA-256:07C60EF102AA7DFAD2BC691A9B4B9D827C40934C4E88029E19E9694267B93465
                                                                                                                                                                                                                                SHA-512:277719C8981D6EE5F86E58FD6F1D554E9044B397A0598C4FABF7B7E6F8243A86C96114EA3DCAA80EF9942F47C60D0CB27DABF8CA081437A20A94312C4155DC52
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...`............." ..0..............)... ...@....... ..............................5.....`.................................o)..O....@..................()...`......p(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................'......................................BSJB............v4.0.30319......l.......#~..4.......#Strings............#US.........#GUID...........#Blob......................3..................................................8...x.8...3.%...X.....^.................I....._.................w.................G...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Globalization.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16160
                                                                                                                                                                                                                                Entropy (8bit):6.706885767315989
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:9D3RLWdRMCRA0RHW7lX6HRN7U3GiNbZR9zBd6o34:9Dh0jAuSFWmFT9zz34
                                                                                                                                                                                                                                MD5:1104F40E8469C5590E7EFF79F7CA7D20
                                                                                                                                                                                                                                SHA1:D156ECD4719973DCD81AA14D1A5E25C403506E66
                                                                                                                                                                                                                                SHA-256:B5809B99963888AA99A958A22982CDDD7235C09053466F2922C3AB120CBDE456
                                                                                                                                                                                                                                SHA-512:2126C5FF977F4E1A1F1CD0D5E96C0AAB5476CE12C9EE14B3AB9AC7180C9483F681029C961E3031D82F788B2172F647FADFE99805BFAFD9A2625723B0C1E9273C
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...."............" ..0.............v*... ...@....... ...............................q....`.................................!*..O....@.................. )...`......8)..T............................................ ............... ..H............text...|.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................U*......H.......P ..h....................(......................................BSJB............v4.0.30319......l...T...#~..........#Strings............#US.........#GUID...........#Blob......................3............................................................D...........o.....*...........Z.....p.....?.......................&.....X...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.Compression.Brotli.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):84280
                                                                                                                                                                                                                                Entropy (8bit):5.88073044398993
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:pR6V+A9+/PACL3jKhNro9wbnjVZE+eU6phWpGzFT:pR0Z+3Ai+hNroebns+P6PsGpT
                                                                                                                                                                                                                                MD5:75A8A0B838312CA85F7080E46E2AD772
                                                                                                                                                                                                                                SHA1:0CC9A61CD1CFC94CB62E398161E55326AA746A34
                                                                                                                                                                                                                                SHA-256:2172BDD60DDE91FD530473D4C8D7BD96EAD15CCE886B438F3B39363DE781C671
                                                                                                                                                                                                                                SHA-512:770A19C2C1CE7228835AE58198CFA9CCB52E1D9AD246D18069354F0BD94D2A1A2BCFF430F59B5320026C625EB47CF2B6F650659E1F69D8E1AB5334AC806F63D7
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .........0............................................... ......."....`...@......@............... ......................................|(..L.... ..8)..........@...p...............................................................H............text............................... ..`.data............ ..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.Compression.FileSystem.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15672
                                                                                                                                                                                                                                Entropy (8bit):6.764939082374204
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:5tfL/jFoPaWuJmW0xWxNzx95jmHnhWgN7a0WamLkoiINFPKBWX01k9z3A+olmV:PfLxKaWuJmW0aX6HRN7R1t8KER9zllV
                                                                                                                                                                                                                                MD5:C804A5B35533C6C78ACDEB7928617388
                                                                                                                                                                                                                                SHA1:C037FD5B022707FEA213F703C22682CB4A2C95FB
                                                                                                                                                                                                                                SHA-256:1481A72E898D6A995BB99EFFFF60AC5CF4D49463A24DC23EA6F73B5E69E3251F
                                                                                                                                                                                                                                SHA-512:EC938C04E946C36CB378A387D8E8EB679E16A43C4E0E75C6DA8A428E426B0EACBA7170758EB1199A45B18A1239EA61806ACA85FBAFF698D6FAC77B3FC8268F07
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...H.t..........." ..0..............)... ...@....... ..............................X.....`..................................(..O....@..................8)...`.......'..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......P ......................,'......................................BSJB............v4.0.30319......l.......#~..,.......#Strings............#US.........#GUID...........#Blob......................3..................................................U.....U...Q.B...u.....|.....7.*.....*...g.....}.*...L.*.....*.....*.....*...3.*...e.*.................<.....<.....<...).<...1.<...9.<...A.<...I.<...Q.<...Y.<...a.<...i.<...q.<...y.<.......C.....L.....k...#.t...+.....+.....3.....;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.Compression.ZipFile.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):55592
                                                                                                                                                                                                                                Entropy (8bit):5.794508588818863
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:WrHCYlbejwSCGs6ZQyvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvB:WrH70jSVyvvvvvvvvvvvvvvvvvvvvvvZ
                                                                                                                                                                                                                                MD5:78C22A26EF9F5B8411C0E3CF5AD7441D
                                                                                                                                                                                                                                SHA1:0B6893BF383C5EE0A72FF0037D8D6A49D986718E
                                                                                                                                                                                                                                SHA-256:7AB974DC21BA2583908C76AB1D341668B737C31D77A450C964D54579CC23DA5F
                                                                                                                                                                                                                                SHA-512:C0B6A08BF8A91A27CC9D6C2B3AA6555DAF6F5F5F959A8D188B0054AD25CFA1C171954C45FA68CB09579B3306D4AAC6D3254FA477DCF036609AAEF2DE1CDB2839
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....l..........." ......... ......................................................E.....`...@......@............... .......................................!..........()..............p...............................................................H............text...8y.......................... ..`.data...A...........................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.Compression.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):264472
                                                                                                                                                                                                                                Entropy (8bit):6.548591134679868
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:pAindQCtmkal13Vn7vUoD2+bkf/B3q1GqqcJIbaIksoRirnnMpDTp/RbC++xMQPp:eidUT3tn3bwNKvco4roTpcaQPEamBHY3
                                                                                                                                                                                                                                MD5:D9F34984A15B7E1651950F7FC4212AD1
                                                                                                                                                                                                                                SHA1:E31F71380FCC9BA64847F0B60D8DB85671F83F85
                                                                                                                                                                                                                                SHA-256:E595732C065539AB183FBD27CF5E42C63D11079F7ACBEAE455421B5E2E73B669
                                                                                                                                                                                                                                SHA-512:FCB010FBCEAE2197AD927265DD5FA5A8CDE9E0859C127144A0DEC5E33592CCAE6CDD840F1CE15BE216EBDB6755374AD8D14162303219A4C2D5795AC8F267DC65
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .........P............................................................`...@......@............... ......................................df...........)...........%..p...............................................................H............text....|.......................... ..`.data....;.......@..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.FileSystem.AccessControl.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):104728
                                                                                                                                                                                                                                Entropy (8bit):6.04299609988956
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:xxkAAMNiDSjaabcPihEzfQHlDE7H+CAvpYx/K8yf9DSWXpzF:xxL3YuiA2dbi/f9DSypx
                                                                                                                                                                                                                                MD5:7B8853FA50238165F45E3C6B33D6351C
                                                                                                                                                                                                                                SHA1:5168A2CB788E45828329959A8BEB2ECBFB49112F
                                                                                                                                                                                                                                SHA-256:3053AB194B17A8175155651B35D0FCB62F3D8F0C3078CBDC2627C4C7669042F3
                                                                                                                                                                                                                                SHA-512:5A980D92DC624D433AA929B6643D05710058B71CE0FC85814C80421578E6BDF94A0900221B59DC8458DED615A655C809A5907D3960F0BA98AC2392A3B424B23B
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...U............" .....0...0...............................................p............`...@......@............... ......................................P-.......p...)...`..........p...............................................................H............text.... .......0.................. ..`.data........@... ...@..............@....reloc.......`.......`..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.FileSystem.DriveInfo.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):55608
                                                                                                                                                                                                                                Entropy (8bit):5.425657754099587
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:FhuF4f/D8T5a9OkVAJM1/1PC0lr1sklWIk8R9zo:FhuKD8NawkV51/1a0J1sklW8zo
                                                                                                                                                                                                                                MD5:D65CCF17AE03862430A708738F23980E
                                                                                                                                                                                                                                SHA1:2946EC1A63DDE5130CA32274D34C02A70E0F3CA4
                                                                                                                                                                                                                                SHA-256:D7BF8354D118851E2CF0934CE8AFF5DE79C12362FAB51107E8C42BDC20C2B39C
                                                                                                                                                                                                                                SHA-512:DAD79CB469E724DAEB51B72611BEFEA74FE24029A5135C729B87DF2C81781DEB2ACAD08EDB0FA295ABA50C8C5A1AC41802528C5ADE8F3629538FE35B2A9347FA
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....7............" ......... .......................................................X....`...@......@............... ..................................................8)..........`...p...............................................................H............text....p.......................... ..`.data...E...........................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.FileSystem.Primitives.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15624
                                                                                                                                                                                                                                Entropy (8bit):6.821694638098971
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:z1qGW/dqWMYA6VFHRN7eVXC4deR9zVj7qgTyS:z1qtgFCleVXC4dC9zVjBTN
                                                                                                                                                                                                                                MD5:67EBDED0179552C303E213781BA5DB4E
                                                                                                                                                                                                                                SHA1:BAC421FF4E7F2CE0CA3073294E19B6C19B587F74
                                                                                                                                                                                                                                SHA-256:7C2AEF2BD75EB88874D980358D91C66DE8919DC887FA94CF1EDD770C3A8E5F74
                                                                                                                                                                                                                                SHA-512:5A8EA7ABA4E118036898625CA47D6842EF0E5FB19DF1B847BDB5DFF73ED52ADBEC7CABB26D54CD8D44605178E355143814FAE6697ACA27FC292866A6302BBE8E
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............." ..0..............)... ...@....... ...............................;....`.................................k)..O....@...................)...`......l(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................'......................................BSJB............v4.0.30319......l.......#~..D.......#Strings............#US.........#GUID...........#Blob......................3................................................!.2.....2..._.....R...........E...........u...........Z.......................A.....s...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.FileSystem.Watcher.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):88368
                                                                                                                                                                                                                                Entropy (8bit):5.877540050029605
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:BRo/2qh+M5COJu0ZOqpE5fer4GRv33333333333333333333333333333333333W:BOOGVVu0Z5pw2r4G933333333333333m
                                                                                                                                                                                                                                MD5:0713043930CD3C83563EC283D10742DC
                                                                                                                                                                                                                                SHA1:88CCAFEB1BE351C16A3BBFDBC6E160031E3A9B77
                                                                                                                                                                                                                                SHA-256:3B6BDFB5BAD16C2D2126EABB74A9859CA414FC75E6EB520E93D3A43ADBED7640
                                                                                                                                                                                                                                SHA-512:BBAAB646F9BE8AE26E0AD00DFDCEC00F8F00968A594BF4C030D0272D2E8F6147413CB939FE4C1563A39AE2566532E429ED0D1362189EBF9205ADC12AADF26A32
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....P............" .........0...............................................0......t4....`...@......@............... ......................................p).......0..0)... ......`...p...............................................................H............text............................... ..`.data............ ..................@....reloc....... ....... ..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.FileSystem.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16160
                                                                                                                                                                                                                                Entropy (8bit):6.72885945570015
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:iW4RH8FxAvoeTbWyp2WUoWxNzx95jmHnhWgN7agWnY00pyEuX01k9z3Aly+KIQx8:34RH6FyWyp2WUHX6HRN7CEpcR9z0BSte
                                                                                                                                                                                                                                MD5:5591B6C98BCFC539D04FB4116CD1D18B
                                                                                                                                                                                                                                SHA1:330F3ED4D9B6546364FD04E78DB1EAC9CDAE050D
                                                                                                                                                                                                                                SHA-256:4A61B376B6E77FC3FB20ED4ACDA6DBDCBE22D9BC30BF4E06925C003ECA391269
                                                                                                                                                                                                                                SHA-512:F47FD870FA993ABFFB90C575AD94EFE1FA347944C0435102065146477B2BF1E60EF9493647538949EB19173F4864188F4D407D4B997A5FCB33E653C5A184E410
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....i..........." ..0..............+... ...@....... ....................................`..................................*..O....@.................. )...`.......)..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H.......P ......................L)......................................BSJB............v4.0.30319......l.......#~......p...#Strings....h.......#US.l.......#GUID...|.......#Blob......................3....................................../.........h...................................J.......a...............-.............................../...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.IsolatedStorage.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):92448
                                                                                                                                                                                                                                Entropy (8bit):5.820503518807393
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:JA3qoT3QvNN08kx2/YE3SjZwKPU7+GGlux8a5htWgEp4z+:JYq23QvNN08kxM3SjZwKPs+GGluxptXy
                                                                                                                                                                                                                                MD5:7314D93D8AEA712CC1A2D9B72FBFEB2E
                                                                                                                                                                                                                                SHA1:F9F213CFF762F5006742DF60872EA9B9172E7322
                                                                                                                                                                                                                                SHA-256:BC9EFF07BA9B2C4F4DD82CACE1409A594CAAA263EA481FF7D095EE32170331D3
                                                                                                                                                                                                                                SHA-512:5919A654FDFF9452CE14B0D9951C8B33DA0BE8693288AD6364CA4EC1D116B92884DEF110A5B807F02CBE1CFF6F00091107C8C17AA385F1B4BA582344D04C440B
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...3.N..........." .........0...............................................@............`...@......@............... .......................................*.......@.. )...0..........p...............................................................H............text...m........................... ..`.data............ ..................@....reloc.......0.......0..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.MemoryMappedFiles.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):84264
                                                                                                                                                                                                                                Entropy (8bit):5.806191116216466
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:ROxV+zNttvCu2mNikiq7Zb8G/ve/caa9WkA6/iLzUiz:ROx0Ntt3Pisb8Ge/ltkAyQUi
                                                                                                                                                                                                                                MD5:F77A293786087936DB47A5F85D028681
                                                                                                                                                                                                                                SHA1:1F484F14468C4E28C61E04D20CFB77949F7F1E3D
                                                                                                                                                                                                                                SHA-256:C4CE83776FAF64605E92041546DD886D7718AABDB79585F372822F4943F10CF3
                                                                                                                                                                                                                                SHA-512:6E937A2C3A80E8B9058DB6C2389085765FD7A449753E4B3ED3DD9F2EA4ABF44DE45BD54E1F9F06AF2A1A8B3C876730898756D621A9DCA310C6430D47171B8557
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....f............" .........0............................................... ......j.....`...@......@............... .......................................%..|.... ..()......<.......p...............................................................H............text... ........................... ..`.data...`........ ..................@....reloc..<...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.Pipes.AccessControl.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16656
                                                                                                                                                                                                                                Entropy (8bit):6.745569370541998
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:2OeIbSlW+WPWuYA6VFHRN7DEpcR9z0B7QWd:2OIyVFClDEpw9zaEWd
                                                                                                                                                                                                                                MD5:C9E5B4FB06655ACDF85805F9BFAABAA8
                                                                                                                                                                                                                                SHA1:0434768A5419391C748787E55E7E43CCA69DECBE
                                                                                                                                                                                                                                SHA-256:357478614E285906C5478249E1FFBEBF08D5B8FD508FEA854DB6632540FC2E47
                                                                                                                                                                                                                                SHA-512:3DC99ECA3BD14B422C633FA12E081044BAA1756DEAD3D633BA338E7435B5630303ED53D39A681A018047EC4CDB97C8F028EFB91EC16E37F17F28F228F2E68A28
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....3............"!..0..............,... ........@.. ..............................b.....`.................................g,..T....@...................)...`......`+..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................,......H........"..x...........P ......h"...........................................<linker>.. <assembly fullname="System.IO.Pipes.AccessControl" feature="System.Resources.UseSystemResourceKeys" featurevalue="true">.. System.Resources.UseSystemResourceKeys removes resource strings and instead uses the resource key as the exception message -->.. <resource name="FxResources.System.IO.Pipes.AccessControl.SR.resources" action="remove" />.. <type fullname="System.SR">..

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.Pipes.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):166176
                                                                                                                                                                                                                                Entropy (8bit):6.346058751718644
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:VN2U8z8G2Xr0DUXHw8pLZx1w82V+qyp8E9o8vFM:TJ8z+4D98pLiE9o8vi
                                                                                                                                                                                                                                MD5:E2998F0D8693BB46B40A210FA04F9BEE
                                                                                                                                                                                                                                SHA1:645C748C1F9D738598BD8C272FE799A02B0D3D60
                                                                                                                                                                                                                                SHA-256:1972A42C7B9045D102AD48081CD93DC4D96DAE9FF016F75687D4887D03D2920E
                                                                                                                                                                                                                                SHA-512:B1B3F451E91DB813ED013FA4547E83F905A35D2A9E2EF557262EA234E1D9F0F2C4E5761F1E3C78A558C8DFB970D9FE47D987179927331915A8BC680B15E8D1C6
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" .........@...............................................`......;.....`...@......@............... ..................................T...|@..X....`.. )...P......H...p...........................................................X...H............text............................... ..`.data...6/... ...0... ..............@....reloc.......P.......P..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.UnmanagedMemoryStream.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15632
                                                                                                                                                                                                                                Entropy (8bit):6.829247129940496
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:PWvewMxAqj5WjB+WvpWjA6Kr4PFHnhWgN7agWzFY00pyEuX01k9z3Aly+aI4O:umwaJWjB+WvYA6VFHRN7wEpcR9z0BSO
                                                                                                                                                                                                                                MD5:971EE5253BB544A7B2B3A1077C2C6008
                                                                                                                                                                                                                                SHA1:FCE7DB0F757434DF870CC2113DDD67B893C56CE7
                                                                                                                                                                                                                                SHA-256:5B614D49BBA36FF77CAA7A760A1E2C1642435A1FA949BF3BD25015BFFF91473C
                                                                                                                                                                                                                                SHA-512:EBB00CFB6916B79A49FD1B6E0F9C7D77373B747D452466D09CD6689297287C8FE7AFE45E5C341B46998AE7D716D62EA88CE3B0EE26D87263C83DA4735FBE344F
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...G............." ..0..............)... ...@....... ..............................n.....`..................................)..O....@...................)...`.......(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................(......................................BSJB............v4.0.30319......l.......#~..D.......#Strings............#US.........#GUID...(.......#Blob......................3................................................$...........=.n.........h.....#.>.....>...x.7.................>...].>.....>.....>.....>...D.>...Q.>.................h.....h.....h...).h...1.h...9.h...A.h...Q.h. .Y.h...a.h...i.h...q.h...y.h.....h.....h.......................#.....+.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.IO.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16144
                                                                                                                                                                                                                                Entropy (8bit):6.68496802568185
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:7283vFlW2ybWaYA6VFHRN7Uxl/7R9zj2IU9S3N:K6F+pFClelF9z6R9C
                                                                                                                                                                                                                                MD5:A341F35D1B875B0C07079117BA94DD5B
                                                                                                                                                                                                                                SHA1:1302496E225CC36B8DDFC838CA39061936EFCE0F
                                                                                                                                                                                                                                SHA-256:FFC7D4206C7B0C9E92C69A00120CE0859440709E8E5E5EB476572985EA040023
                                                                                                                                                                                                                                SHA-512:89A55CCFC5E4ED80B44E92941CBAD65BDD90E48FC0874DC712F1549BAF557EC85A7BC960B18D304DB311D996918653A771A78808B5D5AB150B4B2DFD33A4A757
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..../............" ..0..............*... ...@....... ....................................`.................................7*..O....@..(................)...`......d)..T............................................ ............... ..H............text........ ...................... ..`.rsrc...(....@......................@..@.reloc.......`......................@..B................k*......H.......P .......................(......................................BSJB............v4.0.30319......l.......#~...... ...#Strings............#US.........#GUID... ...t...#Blob......................3............................................................=...........h.....#...........S.....i.....8.............................Q...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Linq.Expressions.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):3676456
                                                                                                                                                                                                                                Entropy (8bit):6.685377818335155
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:49152:oQngtOBPgD5EUsp4Zq2daW7L2+K06Fs4sZ39SuDsFIW/pj:3GOB4Ombp8uDsFIW/pj
                                                                                                                                                                                                                                MD5:B6A58A0AC1AF936FC5F14F8F2D44D1E0
                                                                                                                                                                                                                                SHA1:0738563464D22751D4ADDFD268A57181CFBE562D
                                                                                                                                                                                                                                SHA-256:F961C3396AADC6AD4475F12EBEA85743D01B015423FB216DAF3DA7A9B7F3ACBB
                                                                                                                                                                                                                                SHA-512:41E3E393866711A811AD1E8F0E184905D4F790BCAC061F41BC42679ADE647A77B2861323FB2A3D7C78660C24EB45680FC72AB3953783C1137D428B8600F80FAA
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....<k..........." .....P1...................................................7......8...`...@......@............... ..........................................`.....7.()....7.,f...b..p...............................................................H............text...dK1......P1................. ..`.data........`1.. ...`1.............@....reloc..,f....7..p....7.............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Linq.Parallel.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):805128
                                                                                                                                                                                                                                Entropy (8bit):6.742092274429004
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:12288:Hb8dNdBKT9DzuU4/sKE5QmSfc+1yQgdYWrwG00eK0CszcyYoq:Hb8jKT9PuO5QmaryQgdYef0ZK03Hq
                                                                                                                                                                                                                                MD5:1E9DB6EC85E31D87782D10CB2A5A6132
                                                                                                                                                                                                                                SHA1:FF0B9CA05BAAA3028874E6CEC5FAF4188F7B28BE
                                                                                                                                                                                                                                SHA-256:7004CF19931E4688247A28AAFCD46992E1184C782EA9F6BE3C4491D327355C31
                                                                                                                                                                                                                                SHA-512:9AD6BE73F1C89A4901AF2011B051D8874903466733196C211AC114361090605BB647034CBB70CA828C5F2637F19E2656A1771516F2564B111B8F4E46DD273058
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" ......................................................... .......)....`...@......@............... ......................................x....d... ...)......T.......p...............................................................H............text............................... ..`.data....U.......`..................@....reloc..T........ ..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Linq.Queryable.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):174376
                                                                                                                                                                                                                                Entropy (8bit):6.299213446161007
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:KuskFLsWejwPAJ+DF8mPOfww59JK6tLUaS0rm:FswxQKAkOmPOfww59bUa5r
                                                                                                                                                                                                                                MD5:04C98DD367C3C081624578459663FE4D
                                                                                                                                                                                                                                SHA1:56976D550298BE9F9DE1BCB30D73D588426941F8
                                                                                                                                                                                                                                SHA-256:7EFDA8EA3ADC84870CA399F1973C1B48963E034158E5C8D184D97E86C8733BC3
                                                                                                                                                                                                                                SHA-512:B40AA4DD1F6D4A5723C79C3AD1C206C00671B1E9A243BA911BDCDCBDB7573C28D702BCC06E80A6882BBCBBD19A0BAF6B89047067EC11E1A4DEFD9B8B289F2E4B
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....*..........." .........p......................................................Bj....`...@......@............... .......................................+..........()...p..........p...............................................................H............text............................... ..`.data....V.......`..................@....reloc.......p.......p..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Linq.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):543016
                                                                                                                                                                                                                                Entropy (8bit):6.741951464470459
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:cNYb37ypY1hh8r4bdhR+JU1/0kxryufbFHJMyS5IH/YzIhMxjCkoTcH3:MYb3GS1hh8rwdh8UxeEvAE+mI3
                                                                                                                                                                                                                                MD5:6ED1EA9A8EA41D939DA714D97F063993
                                                                                                                                                                                                                                SHA1:833F7561D58C8336E4E937DE1A2320DB45BE1432
                                                                                                                                                                                                                                SHA-256:A2FB9DD804188E44948A53C4165815F5CCCDE4CF5FED19988377AF84E86EFCC8
                                                                                                                                                                                                                                SHA-512:0A0A197AFD26FC51BB32C6A1799D31FFD1F29E9A580C67AA43141F1E7252065791C9728A0595D0B330EF232D34E082DFB544E08CA72210CB8A290FFE4340E8D1
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....(............" .....@................................................... ............`...@......@............... ..................................4........J... ..()......H.......p...........................................................8...H............text....1.......@.................. ..`.data........P.......P..............@....reloc..H...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Management.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):312600
                                                                                                                                                                                                                                Entropy (8bit):5.971150967147675
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:lyj+butGieusJEYE1SF7c39iwjwmppwbHV/ZqPJkoj80uSxptTy+D:l4+butGieusJE31Shd/kIaxpXD
                                                                                                                                                                                                                                MD5:72C62B8FED1879C314BA757CB289483D
                                                                                                                                                                                                                                SHA1:B18D623D1745B6F09CE0DC85F3ACF1FF69F61CE9
                                                                                                                                                                                                                                SHA-256:DCA8B03636D4EF26A1727AF2B8063998491B72D1DCA547BEDAC3D65EF115D677
                                                                                                                                                                                                                                SHA-512:F5B43271C08E4696C90FE507FA0931638A081AB1C7CE1E660036D15C1B406FC7CAE265B0A05C47D29DFA25B7F1DA809F2E42AD8A8BBAD160A1F97EED176D3454
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...;............." ..0................. ........... ....................................`.................................o...O........................)..............T............................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........!..\`...............+...........................................0..........r...p..(+...-..*.*.~u...*....0..........(....,..*..(.....o,......&...*..............'....0...........(.......(-...-..,..*.*.(....,.rO..p......%...%...(....*..(/...*.(....,.rO..p......%...%...%...(....*...(0...*.(....,!rO..p......%...%...%...%...(....*....(1...*..,&(....,..rO..prO..p.(....(2...*..(3...*.*.(....,.rO..p......%...%...(....*...(4...*.(....,.rO..p......%...%...%...(....*....(5...*.(

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Memory.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):157992
                                                                                                                                                                                                                                Entropy (8bit):6.472585497766165
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:xGyySN/j+0sbFbqX63vwZuIBo7M5F8966oYddCBuqmwehtTihdMU:eSCb6oIBo7qDGdCBuFhX
                                                                                                                                                                                                                                MD5:1E158B6E320633CA794113EEF60BD35B
                                                                                                                                                                                                                                SHA1:BD6BC89189E4546ABD4B24C3196C60CE2C2A473E
                                                                                                                                                                                                                                SHA-256:536310FAD46E9710E2378E6AB65715489C267B13A08AD96139978D97974BD282
                                                                                                                                                                                                                                SHA-512:B3C89D7F57F69D3E7B0EEFEC4E4F5E6FC56D3023032F8631E126A48B8068A30B2394FF74E9AD5FAB4D8719E42A22D8003B27B60F1A5E009986216AC4D9961356
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....a..........." .........@...............................................@......!.....`...@......@............... ..................................D....6.......@..()...0..........p...........................................................H...H............text............................... ..`.data....".......0..................@....reloc.......0.......0..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.Http.Json.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):129328
                                                                                                                                                                                                                                Entropy (8bit):6.199319743810756
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:AeiSzjfIwHAOaaRHg/OnTRRY4beHqSZkXs3pMGeh2C:NfIaJxRHgOnN4Zkcydf
                                                                                                                                                                                                                                MD5:4248D1CB0BB05ECFCF5D97BF2C556E40
                                                                                                                                                                                                                                SHA1:BCF119421A620917E41CC1C668849FEA3225DC21
                                                                                                                                                                                                                                SHA-256:AEDF0405E5333C565A1544FF91E2B1DEEBCE8FF75345F90D9A8A3126ACEF669F
                                                                                                                                                                                                                                SHA-512:16C94D5D6C7559C8065159524F867862C112731470F8919DC755267B9CD1E94AF1162A25771DBD2371107132B9AD5F17CA504F86AB1F54AB47B31D2911F5B5C4
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...,............." .....p...P.......................................................O....`...@......@............... .......................................4..<.......0)......l...0...p...............................................................H............text...Qe.......p.................. ..`.data....8.......@..................@....reloc..l...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.Http.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):1730856
                                                                                                                                                                                                                                Entropy (8bit):6.690299064412809
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:24576:PycBozKb96UEnyPwWwnxuNnQZJjD2E1SMR/S5IP616zF1IMx1s:hBozy4UQWwwNnQ//lSMRKa0
                                                                                                                                                                                                                                MD5:5FEF63054D9A2786E932F48D0EB8C7DC
                                                                                                                                                                                                                                SHA1:36718C8A24757E6DA65DDD30AFA78691EFE014BF
                                                                                                                                                                                                                                SHA-256:D88A1E49EC7FE3EFEB41FC61E453CD22468FB729DCF451BF3B1E0C53179077D3
                                                                                                                                                                                                                                SHA-512:475A3E2DF1AE4987CA2E696D0E28E5888379700D86D496268DE72163B46D67D1CA3E336E23B88F7F0BCEE3D4714CE4695E82E6F55010C435E06B1E65194A7005
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....2............" ......... ...............................................@......,.....`...@......@............... ..................................T....J......@..()... ......`o..p...........................................................X...H............text............................... ..`.data........ ....... ..............@....reloc....... ... ... ..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.HttpListener.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):551216
                                                                                                                                                                                                                                Entropy (8bit):6.570850705797673
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:umIF66bAc4F/B7VRZ3KY1B0hZJ6c7fkDNRd2B/hy13n5EWZgsgG4qikXOG4drZ9:TAAc4F/BJ1uZJZxhS3iWZgZQOzr/
                                                                                                                                                                                                                                MD5:F30FBE5D270D3C1D1BC8103D79E80F0F
                                                                                                                                                                                                                                SHA1:CE5C4B14BEC108F97310390A18FD989A1C1E7D29
                                                                                                                                                                                                                                SHA-256:41F81F076D63745AEC9008452DFE5494390507C914D7ED0250571F8AB3721D12
                                                                                                                                                                                                                                SHA-512:2913F9871A991FE43077AB2EF577E2EA03FD0A1DD2135ED72AF0532CD0ED0879858E8B55CCB0A8D876364A10DA45287ADEED5E80E9F2AD27D8E1E55AE8900056
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" .........................................................@.......f....`...@......@............... ......................................\...0*...@..0)...0.......,..p...............................................................H............text....s.......................... ..`.data..............................@....reloc.......0.......0..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.Mail.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):432440
                                                                                                                                                                                                                                Entropy (8bit):6.566239028494259
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:wrcqVeM9GnQkW0a+Sdjoe9kDu0GeFowMR5JJLmqRSxnJ8kkG1BL0q3+lsK:Ue40aFP9H0NMBSxvL0AEh
                                                                                                                                                                                                                                MD5:2C96EE7E735BA59488B6A339EDC04420
                                                                                                                                                                                                                                SHA1:29CA05738467C74F9D5E7078043CBC1118E1C3EB
                                                                                                                                                                                                                                SHA-256:E3EFE9F1852535908C7EC2B1B473AA5917D0BED5D0BD2C7D5DC77B603ADF8279
                                                                                                                                                                                                                                SHA-512:94B6A5D24EC7CC15991FC7C3C86A6A51D04E7112AB595163F4DA6CD2FC2D6E38540157C1CBE703D72764EF73C4ABD4E707D4D0FF3E1268FF0AB04AD842A1D680
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....L............" .........................................................p......t.....`...@......@............... ..................................T........)...p..8)...`.......*..p...........................................................X...H............text............................... ..`.data...mr..........................@....reloc.......`.......`..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.NameResolution.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):112904
                                                                                                                                                                                                                                Entropy (8bit):6.14105129338038
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:kKN4B8OosZjsM/flInEhNRKdRxRZDFauWFsXwYUivYtzf/:kt8O7GMF+E/RgjvDWFsAFCgD
                                                                                                                                                                                                                                MD5:830154A3A12519882938F7367080CB2A
                                                                                                                                                                                                                                SHA1:B7464994D56D3F8E615EE56A5A6228C52E6E374E
                                                                                                                                                                                                                                SHA-256:67D6CE9D3592927FDF25BA715F0E6AAA06A11EB41C13615234CA508813CD7D0B
                                                                                                                                                                                                                                SHA-512:FD0B691E44E75A85211E0D58D199A2631CE74656FBEC186F1AE3841C93694F395E4C1B64EE14BBF703056EF0F41B111E334E32CA55456EFA11D6FF890238F042
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .....@...@.......................................................q....`...@......@............... ......................................h1...........)..............p...............................................................H............text....7.......@.................. ..`.data...B$...P...0...P..............@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.NetworkInformation.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):157968
                                                                                                                                                                                                                                Entropy (8bit):6.293376030261192
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:2RppMzz2p/xRtqbqW/gU/ULVXyVMn9Qk2e0tnz:YIzypRQb5sd2ll
                                                                                                                                                                                                                                MD5:0D567DB735EE434D9D42C330D9FE4CE9
                                                                                                                                                                                                                                SHA1:AFD1A4C53D18285523221E2E0BC2E757D2B64925
                                                                                                                                                                                                                                SHA-256:D3C0790E53540E6715DB61B512EFA719FD8E195781EE85913FB8832677203BAB
                                                                                                                                                                                                                                SHA-512:4AA7F32051774ABED9FF97FC16178773BF87E853A0BD554E27CFA5D393570A1A29C47F0C9FD2262FE7551335FC2687AF416CE4DC78C484D594B743E41244D523
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...../..........." .........@...............................................@............`...@......@............... .......................................9..8....@...)...0......0...p...............................................................H............text............................... ..`.data...T&.......0..................@....reloc.......0.......0..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.Ping.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):96552
                                                                                                                                                                                                                                Entropy (8bit):6.101125548127868
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:47fyYP9J1fwwSctO9hswiUgYwlFbmj/gJR7SfNNJkZphyNVMifz:4hP9J1fZE9hsw4YcNm0JR7SlfuphyNVd
                                                                                                                                                                                                                                MD5:979452EEF74DA1EF02DDED73AD00E0F2
                                                                                                                                                                                                                                SHA1:2B213C43E085910EE1584D09FEC913837E00FE15
                                                                                                                                                                                                                                SHA-256:13428704A113F49B0D6A5324BDCDC47F8D725BD139600F0E8DB5A5DC37884680
                                                                                                                                                                                                                                SHA-512:4FA9F5FF0BAE7754A8F8C9044153157ABFCC687A1768C63830E2633BDAEDB0A86923E55CE36748AE43EC3B8E79E78C6E9E710290208442501EE248241244071B
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....d............" .........0...............................................P.......D....`...@......@............... ..................................T....,.......P..()...@..(.......p...........................................................X...H............text............................... ..`.data...,.... ... ... ..............@....reloc..(....@.......@..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.Primitives.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):231736
                                                                                                                                                                                                                                Entropy (8bit):6.473177149043323
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:AnDBNI7bgAZrgyBHSchuzeQ4Ak64myD6uJQ+Y6MFot5PQloV2O1wcdu:S7I7bgAZrB0cgeQe60RJNtN5V2YDQ
                                                                                                                                                                                                                                MD5:D8CEDA452779306A13FF2F310CBEFE60
                                                                                                                                                                                                                                SHA1:4447F82C5A1207B244A0AAEBCE3AB3530CD2BD81
                                                                                                                                                                                                                                SHA-256:93FA4AD1590D704DB6ECAAFBE2E388A5318212CB0A4CE435324EEE0268A11C56
                                                                                                                                                                                                                                SHA-512:7E736F6E0B57F5D527DEDB0B91291DD3EB1FB0324E5E349C4206A025FE3CEAF5B3E1F21F44653F9C6FCAA41BFD8742B4D37BC5B1BEBCD84378D2A52AE9A64F22
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...2e............" .........P...............................................`............`...@......@............... .......................................U.......`..8)...P....... ..p...............................................................H............text............................... ..`.data....7.......@..................@....reloc.......P.......P..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.Quic.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):280864
                                                                                                                                                                                                                                Entropy (8bit):6.508318800576785
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:NpnhH0ESsuurvHsPNTiiJe7ryKSIqqTxM8uGljRc:LhH0ESsuMHsPje7rAsMwlN
                                                                                                                                                                                                                                MD5:1E9B9E443C93C2C10B5ED5A18A6F373A
                                                                                                                                                                                                                                SHA1:8F3D2DEA48ED2B29178BCDC998ADD696D101D5FF
                                                                                                                                                                                                                                SHA-256:24674D754F8DF968CD688EDB57D76CC0D19CA8556FB233B228DC43265F23AC65
                                                                                                                                                                                                                                SHA-512:42BF6AD8C6707F3924AF164F3ECA305678E39F5343C96EC1415D37D1EDADFC0CAC2A7BA619D16B721999909EA773221748905E0BC7A35C9DC641C06A8662DD3A
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...4.Y..........." .........p............................................... .......)....`...@......@............... ..................................T....b....... .. )..........x!..p...........................................................X...H............text............................... ..`.data....U.......`..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.Requests.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):346424
                                                                                                                                                                                                                                Entropy (8bit):6.517886198613069
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:eDpG2K8Efzpt5rc1EGrt5e15/ftXIDndDpek+fs3CU1S5m:upGp8Efn6GG7enfsyHgCU1v
                                                                                                                                                                                                                                MD5:15453335CBB5A8C13B6C3579CB27EF44
                                                                                                                                                                                                                                SHA1:4290DC1F4674F46AF1BFCFA2CAEFDAF6E29D5236
                                                                                                                                                                                                                                SHA-256:2AF7C808F26966E6F607C5E64F8D0117301E0EB3BD830C0731C7B1C2811FEC5D
                                                                                                                                                                                                                                SHA-512:07C36FF474FB60609AD531CCA73B3ED3B6B7EE2F764DEE61F17108D9399EB07627D31585108BE25FC7161CF018893A0FD91BA70E0D1640D48F842376C00CB6B9
                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                Yara Hits:
                                                                                                                                                                                                                                • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.Requests.dll, Author: Joe Security
                                                                                                                                                                                                                                • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.Requests.dll, Author: Joe Security
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" ......................................................... ............`...@......@............... ..................................t...p....#... ..8)......H...P)..p...........................................................x...H............text...j........................... ..`.data...=n.......p..................@....reloc..H...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.Security.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):669992
                                                                                                                                                                                                                                Entropy (8bit):6.743467370555766
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:12288:eXujiG31ToS7RD8B8XmDeXPRkUhIP1dD/m1p6X90QdsAYcNCyJ:eXRGneOkDDI6NVS7cT
                                                                                                                                                                                                                                MD5:346732F74DAD8A8D557FB494D5636E63
                                                                                                                                                                                                                                SHA1:3943BDF4BFB6E4F1A79AB5027BA7E2CC3A88FDB4
                                                                                                                                                                                                                                SHA-256:F8D695445499BCC4CA8A41436DF9167B3A730EE0FECF9DC2A40E998C769EB1B8
                                                                                                                                                                                                                                SHA-512:65E678314C4566823A491CCE1E8EF674E5B78CA1C11C67F86C4EC92FF609D7F66FE9B3433123387ED644B044B7B670BFFC490769C87A9A8D11E868999FA0B18E
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" ..... ..........................................................lJ....`...@......@............... ..................................t...h....7......()..........8+..p...........................................................x...H............text............ .................. ..`.data...h....0.......0..............@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.ServicePoint.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):47384
                                                                                                                                                                                                                                Entropy (8bit):5.320340299131119
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:djM1jzxKx7KzNzY7okroiIpPMOWOYe9zHz:djM1jzsRKB6ovi6WdazT
                                                                                                                                                                                                                                MD5:92C47820207565CCDF190FBA0C055297
                                                                                                                                                                                                                                SHA1:4695E165E2C162393FF43BC86731C50E8AB2C380
                                                                                                                                                                                                                                SHA-256:613B5DC25C72833A5A75BA80C59CFB4CF5522C7A6AD39D2D27A005CEEA72C857
                                                                                                                                                                                                                                SHA-512:B0204A39FC18FD854517E3C90A7459151602F8B6142F622FF168E12C49EBAA9B9BB0E27A87CE708947FF17D526E12A41EC7958AB7A9DEFDC4FC0AA8C3D2596EA
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d..............." .....`... ......................................................\.....`...@......@............... ...................................................)..........X...p...............................................................H............text...HU.......`.................. ..`.data........p.......p..............@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.Sockets.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):547096
                                                                                                                                                                                                                                Entropy (8bit):6.628823968958786
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:12288:ZZ1V7iKdtxaGNUL2Sdr5Nzv0SOFjdP0E/0NYv:ZZ19ietxaGDSzxOt6EsI
                                                                                                                                                                                                                                MD5:E4D73542713F8FB1DD0E7E5E142443CA
                                                                                                                                                                                                                                SHA1:2D4C8B35C2EFA76C1FE95D0107B40781C51E4EC5
                                                                                                                                                                                                                                SHA-256:928CB763462984DF68C19B44B41CF27D002F8B5CB4EF8BA8EB8A6F0602F6B2C8
                                                                                                                                                                                                                                SHA-512:204EC8A2D43C30F2673C4FC7E6543EA0CE71DDB56C0956B0B1B2D8B53A34745E12A09206D6D1B8A8CB019A3D69324DA068687DACCE87255F98421F3723D399FE
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .........................................................0...........`...@......@............... ..................................t.......|8...0...)... .......4..p...........................................................x...H............text...8........................... ..`.data...az..........................@....reloc....... ....... ..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.WebClient.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):170264
                                                                                                                                                                                                                                Entropy (8bit):6.42995613243351
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:Pl6InCEQ8/qNIJ55jOpC2poY3ykJ9rijMFpR/8NM:QXEv/8IJOvpFFH8a
                                                                                                                                                                                                                                MD5:F87B4ABDB9661C494CBFC3A1A6F1939F
                                                                                                                                                                                                                                SHA1:5948DD100146C6E2966E5E57A967B990EB6D6D48
                                                                                                                                                                                                                                SHA-256:E92BA4FCBE48EB14259778EC442BF6330A85517D290675E02C7BDDF8C6752ECA
                                                                                                                                                                                                                                SHA-512:B3A55EFC33150937E48385DE402362C4112B51B78C6CFBEACA749997295C4B0CCC9BAB301F69F6C79E4897BAEB344FF273B7897D79489BB0C33ABE7A6A277045
                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                Yara Hits:
                                                                                                                                                                                                                                • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.WebClient.dll, Author: Joe Security
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...GbV..........." .........P...............................................p......;.....`...@......@............... ......................................dK.......p...)...`......@...p...............................................................H............text............................... ..`.data....8... ...@... ..............@....reloc.......`.......`..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.WebHeaderCollection.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):67872
                                                                                                                                                                                                                                Entropy (8bit):5.782301099321138
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:/SmwVOWqRmRfYtHQ0Yx82s88krahmqOwA83qJKAFE6WHKV6q6G22N7XK6RH4wqY0:/ShAWqxbYx82s88krahmqOwA83qJKAFM
                                                                                                                                                                                                                                MD5:1F48CE4F560C515D93BE8E631C6639F6
                                                                                                                                                                                                                                SHA1:0CA5F7790AEFC8927B37149B8ED9EDCBDD054872
                                                                                                                                                                                                                                SHA-256:7E1855C9965554D7164BA73D355BCAC2E28C7E253D35D07F58F718B8CB037730
                                                                                                                                                                                                                                SHA-512:C2879328B25CE351C3DFDDE6AAFE1148BEC7499E261FD9FA6380026D17EBB17EC008F4E07F81E08DA90744DF8454FE479F45454BCDEDC105B35AC7316700C9F4
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...../..........." ......... ......................................................8.....`...@......@............... .......................................!.......... ).......... ...p...............................................................H............text...J........................... ..`.data...............................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.WebProxy.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):43304
                                                                                                                                                                                                                                Entropy (8bit):5.4543981044661525
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:n3WpvwWJRCJtK5ZkEun+JBTeZDeRbOkKsdEbCLv+CTFLfyO5Ei066gaiGkXYA6VS:n+jRCJWDKCEtOmo6jiJXFCl+ds9z
                                                                                                                                                                                                                                MD5:C77A9EC63CC7588D5C7FDAE75CA4BA0A
                                                                                                                                                                                                                                SHA1:912B2FB046EFC6152755A79CC4FB20A096F74483
                                                                                                                                                                                                                                SHA-256:B28FA5FCE149A161C1619A8C40A6B25F6FCB0F44E4C0580B721D38F024AB3CB8
                                                                                                                                                                                                                                SHA-512:6788378D707983AB8DB891E489E1169A214A9E54D400522D6E39FB89B4130A885213947AB3F3AB05201D5AA68B629912E68AB52A05438DD8272DF3C6DF7A08DC
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...IE............" .....P... ......................................................I.....`...@......@............... ..................................t...............()...p..........p...........................................................x...H............text... L.......P.................. ..`.data...=....`.......`..............@....reloc.......p.......p..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.WebSockets.Client.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):100656
                                                                                                                                                                                                                                Entropy (8bit):6.037382679706859
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:p3Y1cu9IUexVQtU3/+wUpHK+yT7G7bw0LCEOsW8zu:p3Y1cDl8tVK+U67bw0LCEOsPy
                                                                                                                                                                                                                                MD5:F60FC5DF9579B7807A41F83996A92336
                                                                                                                                                                                                                                SHA1:F1DFFEF2B7B52DAD59C93B438CD8C9FC8237310B
                                                                                                                                                                                                                                SHA-256:5AF953EEE1E6B527EDB09EB3D51265A08BF0CAA9B57A1064176C7A726E464A35
                                                                                                                                                                                                                                SHA-512:A74D1D0AB4AE318792443D65B1E8F039DD63FEC0BF12E8C140C4C0DC5B28BC6760D17751D8C08C339C43ACF05FD42F6F68E625B7F4E45CAF31A14A979BE55050
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...6&............" .........@...............................................`............`...@......@............... .......................................,..<....`..0)...P..x.......p...............................................................H............text...s........................... ..`.data...s!... ...0... ..............@....reloc..x....P.......P..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.WebSockets.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):190752
                                                                                                                                                                                                                                Entropy (8bit):6.370812726125536
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:c2OHqla+5t0nMuTBUuzyDbYCOi+dWuWVyRAIUQeu0IeW+domJM9wNYLbkbmvhZdu:MHqla+/0HdaO1QzIeW+doCmvhnE7mNxa
                                                                                                                                                                                                                                MD5:68AF5E566C3F92B8B5D435E8CF0E4C6F
                                                                                                                                                                                                                                SHA1:C29C05434C7CA82A0BF15A60CB2D4542483A51BC
                                                                                                                                                                                                                                SHA-256:5418618458AA64E2695F6F51F51101E0AF961AA884E37EF2CA4212513DC87912
                                                                                                                                                                                                                                SHA-512:47606C8E0B9642933A81221B91CBBF7FC06424EEF1A37581E5C165DCAC9279C145253CE34D32009BAECB80EF847013FDC355C343C4C7C67BF51843D6A2700CC1
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...\9............" .....`...P............................................................`...@......@............... .......................................L.......... )......d.......p...............................................................H............text....Q.......`.................. ..`.data...O7...p...@...p..............@....reloc..d...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):17688
                                                                                                                                                                                                                                Entropy (8bit):6.619310311563334
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:m313DLE8RCWovVaWWdX6HRN7IOO2IR9zJgIV:S13Dq+WLhU9z9
                                                                                                                                                                                                                                MD5:E1BDFB0A3C2077F217E94626A9C84D37
                                                                                                                                                                                                                                SHA1:4485FA68954A681EAB2A6C6BB5006645AA63FB39
                                                                                                                                                                                                                                SHA-256:18A45C63385C3F59BD8A503939E2E5C7CD327E2C03219A550E016D6A7CFEF468
                                                                                                                                                                                                                                SHA-512:8D004D51503A92DC1878853DCD028D7865F22392FE194DEE0CEF6DF0B0A0E040BD2F4D33F4F0524DCB130E39359AF9506A6D0F894CE3D6FD16AA54A2CC67C61A
                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                Yara Hits:
                                                                                                                                                                                                                                • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.dll, Author: Joe Security
                                                                                                                                                                                                                                • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Net.dll, Author: Joe Security
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....g............" ..0..............1... ...@....... ...............................#....`..................................0..O....@..8................)...`......./..T............................................ ............... ..H............text...$.... ...................... ..`.rsrc...8....@......................@..@.reloc.......`......................@..B.................0......H.......P ..$...................t/......................................BSJB............v4.0.30319......l.......#~..|.......#Strings............#US.........#GUID...........#Blob......................3................................6.....x.........................../.......L.................................p...........................................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.C...+.Y...3.o...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Numerics.Vectors.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16176
                                                                                                                                                                                                                                Entropy (8bit):6.720152735363345
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:yhliwxY2gWa0BWjsWxNzx95jmHnhWgN7aIWTFf/A81BHX01k9z3AZfzpqTJL:yhHbgWa0BWjzX6HRN78f/AIBHR9zQkJL
                                                                                                                                                                                                                                MD5:D548C14C3C17E640DAF27A76707F3BD0
                                                                                                                                                                                                                                SHA1:8318BD1AE48BFFF8D0C5609E511BC5C10C8DFE7D
                                                                                                                                                                                                                                SHA-256:D15A0768577C9E75A3D6FB94D580ED1E32994F4B971BECE03E6AD6EF7FD3518B
                                                                                                                                                                                                                                SHA-512:D57139F4FD99820FDA6BCFFAD86F818125678E7E543B2C68DFDA4EE0C3547E003B290B5DCE23ED43A6D9B3CC739159E151039BC8B1D26A851CCCE4DF287A0FFE
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....k............"!..0.............n*... ........@.. ....................................`..................................*..L....@..................0)...`......,)..T............................................ ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................P*......H........ ..\...................P ......................................^..C...wn.|2..)..E..Z'...N.. ./..I....Z........a..PP..=F..=....i...... D..R....03...n.....[.Q[<o....q@...:V.....6E._V....y;BSJB............v4.0.30319......`...8...#~..........#Strings............#GUID...........#Blob......................3......................................D.........]...........v.................\.r.....r.....`...8.....0.......r.....r.....r.....r.....r...}.r.....r...........6.....

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Numerics.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15624
                                                                                                                                                                                                                                Entropy (8bit):6.743391402121608
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:sF7xIOUCtWeQNW4pWjA6Kr4PFHnhWgN7acWOedNx6RMySX01k9z3AcyNaxQGEHo:K1fWeQNW4YA6VFHRN7edGMR9zPyr5Ho
                                                                                                                                                                                                                                MD5:C9FC19DB9FE74066786403B4829EC5CE
                                                                                                                                                                                                                                SHA1:12240200EC9DC0A64B141761DD2ECF7CCF4D4480
                                                                                                                                                                                                                                SHA-256:8CECA85D001CFBF974FA37ED8C64CF97B619DCA942501EFCF22D4F369BA42292
                                                                                                                                                                                                                                SHA-512:3FD206570AB29DAC923CAA7E1FBB32AE855D7814559534637EC381412CAD6AFB89FBAB99BDA21BBBA975554ECF5955B60D2129F5DECB50D70477E1A4BEC7A18F
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...9.(..........." ..0.............^)... ...@....... ..............................+.....`..................................)..O....@..X................)...`......,(..T............................................ ............... ..H............text...d.... ...................... ..`.rsrc...X....@......................@..@.reloc.......`......................@..B................?)......H.......P ..\....................'......................................BSJB............v4.0.30319......l...8...#~..........#Strings....\.......#US.`.......#GUID...p.......#Blob......................3................................................'.f.....f...e.S...............K...........{...........`.......................G.....y.......-...........%.....%.....%...).%...1.%...9.%...A.%...I.%...Q.%...Y.%...a.%...i.%...q.%...y.%.......:.....C.....b...#.k...+.....+.....3.....;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.ObjectModel.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):80184
                                                                                                                                                                                                                                Entropy (8bit):5.8034670220183395
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:anwUGEl0HKXrgcCGfN2QSsMWrHGe36XWD09zgS:0Dl0SrqQN0yHGeqX0O8S
                                                                                                                                                                                                                                MD5:1E2A3C3FCAEE389C04D33C18F3B09599
                                                                                                                                                                                                                                SHA1:6BECEBD105CEDD72DA755A49720D79F23F43C3BD
                                                                                                                                                                                                                                SHA-256:447E24F4BFAB9D7F23DC204B632817DDF933AFD89222CB396402B471DFCA99D5
                                                                                                                                                                                                                                SHA-512:A2BA95117DC9937E60E304384107C09DBBD12EA1BDD3B6210D2088CF10A9A6AA8CC09C83522E54F9F884055FF7072CA4D231273B0DE0BD4E66175E865AB13009
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....(:..........." .........0.......................................................u....`...@......@............... ..................................t...d%..........8)......T.......p...........................................................x...H............text...o........................... ..`.data............ ..................@....reloc..T...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Private.CoreLib.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):13175088
                                                                                                                                                                                                                                Entropy (8bit):6.846434850139803
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:98304:FdVXzmQ6u2Pf1F1HpwajX4p92QKxV36FChEqiPVGK5+k+uiCi:9WuuT1HSajXgJgV36FDqM5+tuxi
                                                                                                                                                                                                                                MD5:8B5EE62ABDB7B72F418D797FE73F2521
                                                                                                                                                                                                                                SHA1:77582007964CBB215278267691A255B63ABE5FFD
                                                                                                                                                                                                                                SHA-256:4CD6810B4EBE8D6E1F5928F2026D257C112380D33B557A60BCFA9C7F2BB012E8
                                                                                                                                                                                                                                SHA-512:870EF275E1E8D1607E2B22EB25F1F05F99346B54651BC119D809BF21F1A6F041EFF801B3B5E1FFBB1897975FEB2C3AA47B3699CC4C63ECA8E3E6A60387AB4BD9
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...J.c..........." ................................................................}.....`...@......@............... ......................................(r..|.......0)...0..@...8...p...............................................................H............text.............................. ..`.data............ ..................@....reloc..@....0.......0..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Private.DataContractSerialization.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):2083120
                                                                                                                                                                                                                                Entropy (8bit):6.7084204593562475
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:49152:zEe18SlNT7q8K+sb8VI5fCImJ1MxOouLs32DL2v6EI6PN:zE8Riy6PN
                                                                                                                                                                                                                                MD5:3E4914FB86B55E766730BBA2CF5F9710
                                                                                                                                                                                                                                SHA1:AA6EABD6462F7898FDF34FA71355190A1B915F07
                                                                                                                                                                                                                                SHA-256:96C38BE90900D54FDE8D6DB1B3DE8377C07DAF21E99976D6A3474A9511E3EFC6
                                                                                                                                                                                                                                SHA-512:1B5749D910B8B5564F8D125A5AD62218B3BCFE190692D82F5101A8E53DC604060E3D9211B34EAAA6A9094C03529D6CE0196766AB5F266BEB8064B41314834EB8
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....6..........." ................................................................X. ...`...@......@............... ..................................$....[..........0)...p...'..(v..p...........................................................(...H............text...;........................... ..`.data...X...........................@....reloc...'...p...0...p..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Private.Uri.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):260408
                                                                                                                                                                                                                                Entropy (8bit):6.615538060259084
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:AfAAcZcInBPKCeDc6Ci9MG3CMeVmtGNFsGu6MyXO:HFKDciMG3HamtGNfuV9
                                                                                                                                                                                                                                MD5:FADC9E1672EBA182AD57E6FF27DF1797
                                                                                                                                                                                                                                SHA1:774C74089FCEA3AFE0C7CA1A0B496C999392900A
                                                                                                                                                                                                                                SHA-256:DC01ED420EF427086F0057013D7AC1CAC07E2483E4CFC162D09DF1B64553892C
                                                                                                                                                                                                                                SHA-512:0650F9ED9C86103CC66871B4558BA9AE291273FF5E0DC0FA7468F3636AC6896CAA8C9EA714ED821B55A519C6E1B1F5BD26D6DC7196F8F2BBA6215F355A2BE602
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .........@.......................................................<....`...@......@............... ..................................t...XS..x.......8)......8.......p...........................................................x...H............text....{.......................... ..`.data....$.......0..................@....reloc..8...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Private.Xml.Linq.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):403768
                                                                                                                                                                                                                                Entropy (8bit):6.602276363545423
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:oxERCkFa5oBSKGFCoMPxSOpXQgVuThCDCaY+zrZjzEOQlIZPKN:ouRZM5oHGhU/4WCt+z1ffZo
                                                                                                                                                                                                                                MD5:1BA13843CFE69115B69B9734F08D8C1F
                                                                                                                                                                                                                                SHA1:D16B4DE6A429D77A9B418E545072B6540AAE10BB
                                                                                                                                                                                                                                SHA-256:13602313FC8BF7F6BE2183DFE3F07B10CCE450566D7CDE619C238D05137338A9
                                                                                                                                                                                                                                SHA-512:382DA8E0580447BEF35B2813212634513B6F180664ADB7A3DE072D92FD9485495905A13A0A40319B2C0FF02C2A05549697C1A6BB651C2A42E9F172EB1D9BD68D
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....}a..........." .....p...........................................................X....`...@......@............... ...........................................-......8)...........*..p...............................................................H............text...vb.......p.................. ..`.data...Sd.......p..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Private.Xml.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):7989544
                                                                                                                                                                                                                                Entropy (8bit):6.802297198301812
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:98304:CgB/y99HaDD1OMe3dpE/dhYw2knN5WUFX5cha:v/uaDD1Ox8YoFX5cw
                                                                                                                                                                                                                                MD5:E166C44D116A2A649FB8BF58B8DEAE69
                                                                                                                                                                                                                                SHA1:E66C37FBA5E3C405DD21C464343B87E173F1FB45
                                                                                                                                                                                                                                SHA-256:79CDAEFC221388C3E5B9AFA137F8E4A44366CAC0CCC617BF1F5B6CA0DC95F3F3
                                                                                                                                                                                                                                SHA-512:852C80299D20B6D5D7EBCA7C3D76DA1EA36CED6274374AF8ABD8F484C356321090E784F8C5E8357D1B4F6AC49DD48F81A6642D0D95682BA92C50E07EC25A20EF
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." ......s...................................................y......z...`...@......@............... ..................................t............y.()...Py..h.....p...........................................................x...H............text.....s.......s................. ..`.data....Z....s..`....s.............@....reloc...h...Py..p...Py.............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Reflection.DispatchProxy.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):76048
                                                                                                                                                                                                                                Entropy (8bit):5.943118914884181
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:2NTs7klOJRVNvKzBMuSxRWHJQZYoqNTJodiOEp4z0:2VxlOJXNvKKxRWnNN2xXQ
                                                                                                                                                                                                                                MD5:202192E1AEDBDBD47B4C755227C9F174
                                                                                                                                                                                                                                SHA1:FB61C5557319FA1BBF82302AEF46C331EFD8348B
                                                                                                                                                                                                                                SHA-256:F625AAE4F7A839B16834764BCDEC5F8008A5171AB1AF77277B4861B077078D25
                                                                                                                                                                                                                                SHA-512:EB87E36BA74192A177D9649E3B583A72B15C8AC3B8ECD991A56D449EBE99E2CCB3D667FB937055623584EDA6B271658784F9BBB51343843D3317F311C2980154
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" .........0.......................................................2....`...@......@............... .......................................$..|........)......P.......p...............................................................H............text............................... ..`.data............ ..................@....reloc..P...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Reflection.Emit.ILGeneration.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16176
                                                                                                                                                                                                                                Entropy (8bit):6.7440217236656395
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:EXWj9xP9WVTUWDeWxNzx95jmHnhWgN7aIWjYe2YHnsTX01k9z3A1Rrn:vjH1WVTUWDlX6HRN744YMTR9zUR
                                                                                                                                                                                                                                MD5:AB6EE54636B88E5FE0DADCB9F24D907D
                                                                                                                                                                                                                                SHA1:FAEDDCC767249EF0208A907DB50ECAEF1AA1F91F
                                                                                                                                                                                                                                SHA-256:7C85F57B009B38E7F62DE0437A652966DB39134DC95527E3F60EA1B3334E23EA
                                                                                                                                                                                                                                SHA-512:5131F86CD07BF1BD434E039EE7F0BBBFDF772F5C01EBD6F0968B5E6E5567F0C4130E7621B7D4489698A77BE6543D256ED4217CDA84E9178ACA1FD0F70E507DFE
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............."!..0..............*... ........@.. ....................................`.................................?*..L....@..................0)...`......4)..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p*......H........ ..d...................P ......................................V{.U^i..7`..8.Q.Tw.YZ8......\@9...7C...L.....v...y.%.....-...l..>.*#_.........[...+...d@~....Pu.j(...lt..........O../BSJB............v4.0.30319......`.......#~..l...D...#Strings............#GUID...........#Blob......................3................................................"...........;...........f.....!.b.....b.....7.................b...[.b.....b.....b.....b...B.b...O.b...v.............

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Reflection.Emit.Lightweight.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16152
                                                                                                                                                                                                                                Entropy (8bit):6.719210609725614
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:7nnux2kmOWxEVJWWWGkWxNzx95jmHnhWgN7acWE1AJvxwVIX01k9z3AXaKrPDs4Y:wpWxEVJWLSX6HRN7T1w9R9zEFrbw
                                                                                                                                                                                                                                MD5:F6781A08C2B18C6D751821744820B6C4
                                                                                                                                                                                                                                SHA1:F10227DE4488F3E6E753D4FBD1D1C017A5E23205
                                                                                                                                                                                                                                SHA-256:9356D1216420F334FF6DE21F1ABC93609EC7B037471453EC722DE89CEA954D45
                                                                                                                                                                                                                                SHA-512:1270DB17862A22352BC8737B88B33C4FFD03146F2DEDE9F8DDB144D1F26BB8FFA35183FF9E99EDC408D7E14524D4C6CF82E833B4992446C982778A842C050D23
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Ss..........."!..0..............*... ........@.. ...............................D....`..................................)..R....@...................)...`.......(..T............................................ ............... ..H............text...$.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H........ ......................P .........................................>..B...u....z......q..p...h.ea..U.1M@..)4..y...z.W.+..qJ...Sy8...F|.......W....?e.c2..........`...,.2.eS.R.......1W...}`BSJB............v4.0.30319......`.......#~..4.......#Strings....<.......#GUID...L.......#Blob......................3................................................0...........I.k.........t...../.E.....E.....>.....~.....~.....E...i.E.....E.....E.....E...P.E...].E.................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Reflection.Emit.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):129312
                                                                                                                                                                                                                                Entropy (8bit):6.1169104642443894
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:qShk64jKiEAYbKatyLJBsVkrc10FBR7yqwA:y55fSe7sungq5
                                                                                                                                                                                                                                MD5:F3C93B3779D56D80D784BA712A74C9FA
                                                                                                                                                                                                                                SHA1:AED1E91233D0DFD1937354D4A94C5447B87259BC
                                                                                                                                                                                                                                SHA-256:5BE721DD3FEB1E56284390D592B81C1885F50BBEB567C53EDB8DDC1CD3210DD4
                                                                                                                                                                                                                                SHA-512:A1CEC4E076613695FCA1336B4C40F4EAE2F049CA5CEE522EE4082F3BF74C3704DF41655E00A806365A216110A7997DA0375DF74F5CA58FF072647ED80E352BDB
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....+)..........." .........0......................................................3.....`...@......@............... .......................................+..l....... )..........0...p...............................................................H............text............................... ..`.data...Y........ ..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Reflection.Extensions.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15656
                                                                                                                                                                                                                                Entropy (8bit):6.793667220027114
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:Vv8XzrxAlvUWKZWWGhpWjA6Kr4PFHnhWgN7aIWxn+EYHnsTX01k9z3A1Nmjl:VEDlAUWKZWWOYA6VFHRN7qpYMTR9zUc
                                                                                                                                                                                                                                MD5:92E0E5A63D25B9C3AE3983FD1B126A8D
                                                                                                                                                                                                                                SHA1:AF7095C2D4D58A19F205ACEF1019064905F44EF5
                                                                                                                                                                                                                                SHA-256:F006C1DF74494ED22ED0ACE97F4D3D1A8B2B5C65DE706D201B76146FDD5EA6EC
                                                                                                                                                                                                                                SHA-512:92A3F172F88E4BCE2B7651801D7FBDCC7C5BBFC242D60FD416EC6DDDADC4E0BB98ED24979B0FCB008B220D7EB93EE45C4DC39E4B030A4F9F23AEA94FC8ED82CC
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............z)... ...@....... ...............................=....`.................................%)..O....@..................()...`......,(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................Y)......H.......P ..\....................'......................................BSJB............v4.0.30319......l.......#~..(.......#Strings............#US.........#GUID...........#Blob......................3......................................................x.....3.....4.....^.................I....._.................w.................G...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Reflection.Metadata.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):1116440
                                                                                                                                                                                                                                Entropy (8bit):6.644311003487164
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:12288:/3e0zkmiwp8+2KFhA8WDlLeO9om5EoA/mSdWDURfeGWFbrWuoDzAVdrN:/3e0rdp8ihocOWm4/iamGWFbB3N
                                                                                                                                                                                                                                MD5:64E6830F63DE5F8F82A4F45BB5AAC4E1
                                                                                                                                                                                                                                SHA1:3834E21EAF634DD532FC3D77B9F2449BF9F384CB
                                                                                                                                                                                                                                SHA-256:A82DA76C39DD2287B580986C9D21E7405E3B9D43953C1856AD9036E117462A2E
                                                                                                                                                                                                                                SHA-512:EE57142DD8A3036F0D545408FD68B325FA614615412E94F49536C391C009809EEA17E17BA3581A8DB4C2A56DD3E761A21A7BA3458E537F086270A45099504928
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" ................................................................Ny....`...@......@............... ......................................@...........)...........W..p...............................................................H............text............................... ..`.data...A...........................@....reloc........... ..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Reflection.Primitives.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16136
                                                                                                                                                                                                                                Entropy (8bit):6.781423994083627
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:giSI4jCaxPtdWSx+W3pWjA6Kr4PFHnhWgN7acWbRQRfKDUX01k9z3AyCWtQG:GPVdWSx+W3YA6VFHRN7PpR9zldtQG
                                                                                                                                                                                                                                MD5:92BFDBCC5A2A2BC7DB8AB7A1D759B827
                                                                                                                                                                                                                                SHA1:09C260B069057E7EDA73BAFB78DB6F5A5968F5B1
                                                                                                                                                                                                                                SHA-256:081035E2019F5614F08BBEE64BA2D4B93958A6F1F6EC7CAD305109519DB07C9C
                                                                                                                                                                                                                                SHA-512:C43D173D96D9743A5917F02F4299A36A15C99252C271DC5076EF80DA0ED06088A8300DF7F31301F937E641E6B91FAB7AD1F5F0B6A57AE4DEF5196884F71F1ACF
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....J..........."!..0..............+... ........@.. ...............................8....`.................................5+..V....@...................)...`......8*..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p+......H........ ..h...................P .......................................5....To.*.r..+L@el..... wO[...&...BC...|(.u./.z.N.~.#.....Q7....(.~>H].L....%C..n.P........L.>.D9....s8....'.......?..BSJB............v4.0.30319......`.......#~..........#Strings............#GUID...........#Blob......................3......................................3.........@...........Y.................?.g.....g.....`.................g...y.g.....g.....g.....g...`.g...m.g.................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Reflection.TypeExtensions.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):43312
                                                                                                                                                                                                                                Entropy (8bit):5.201190108733127
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:oCWmBeW8p0YckPuTNRyVP0a+SKuD6tdjRGxX6HRN7j81zxIPaR9zEa9:o4qckWTwD+juw6Wj81zxOW9zT9
                                                                                                                                                                                                                                MD5:E58204BCE15E07EC0E3A9E1BE50DE9FB
                                                                                                                                                                                                                                SHA1:E9EB5D8BA8AB976B0FB4A8A267898145DB7BA2F8
                                                                                                                                                                                                                                SHA-256:1C5AC607683FC37DCEC16FEDD9360DDE2A214444596E3C2EA922EEB0C5E22EE9
                                                                                                                                                                                                                                SHA-512:D38BB77B4E253748E18AAABF8817A7CFFC802A5E42E889107A8763B1833F4550D313EBEBC7290079023A4617E1533D2CA3F78A2017908901B0A50496EB589BA7
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...}............." .....P... ............................................................`...@......@............... ..................................................0)...p..........p...............................................................H............text....G.......P.................. ..`.data........`.......`..............@....reloc.......p.......p..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Reflection.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16664
                                                                                                                                                                                                                                Entropy (8bit):6.685947251423688
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:y+CkNQKYxA7qjWhFCW0WxNzx95jmHnhWgN7agWBBXLrp0KBQfX01k9z3AA7OfL:ytjXjWhFCWbX6HRN7oRxB+R9zpifL
                                                                                                                                                                                                                                MD5:6AD5CAD80276892BA4CC02B27E85BE12
                                                                                                                                                                                                                                SHA1:7333C6F4682AD9C77D9FC319DFA48372A5CA321A
                                                                                                                                                                                                                                SHA-256:ACD8F3EA0B145517E9DBE2D276B174DF4C7EBAAE28ABA62EE2303A8AFC83235F
                                                                                                                                                                                                                                SHA-512:5C010AC745B3DBB5D22149DC8C373B2ECC9D9EB38566714FF23119C4FB0BC03B4A49607DFC073DE5912DBD8B4583E80C1E528CD5710C1865CD1CD18CC7CC08C6
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............,... ...@....... ...............................T....`..................................,..O....@..h................)...`.......+..T............................................ ............... ..H............text........ ...................... ..`.rsrc...h....@......................@..@.reloc.......`......................@..B.................,......H.......P ......................4+......................................BSJB............v4.0.30319......l...l...#~......|...#Strings....T.......#US.X.......#GUID...h...|...#Blob......................3................................"...............M.............................q.6.../.6...........6.....6.....6.....6.....6...m.6.....6.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Resources.Reader.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15648
                                                                                                                                                                                                                                Entropy (8bit):6.7745107157816
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:nhDOxAmBW4+3W27WxNzx95jmHnhWgN7agWPDucADB6ZX01k9z3AqRariR:OfW4+3W2UX6HRN7EucTR9zlRarM
                                                                                                                                                                                                                                MD5:B60D236051B2ABCB66F74C4812223C62
                                                                                                                                                                                                                                SHA1:8786DC5545047F56D1C909265841212C203ACE2C
                                                                                                                                                                                                                                SHA-256:4EE54B35DE61268A3C9DB9A80DB5F005B49C134F5E9CEDCC0B31CDC2D120058C
                                                                                                                                                                                                                                SHA-512:93873F04B3C5B8F962DD376DD7A3B0672F85F086C5E8BA08478488740D8DCE9D77679B8524E210CCF4F2386D8CE5CDFFE17C2709C79897C7F477A6ACB4D59AA5
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...`5............" ..0..............)... ...@....... ....................................`..................................(..O....@.................. )...`.......'..T............................................ ............... ..H............text...$.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......P ......................\'......................................BSJB............v4.0.30319......l.......#~......h...#Strings....t.......#US.x.......#GUID...........#Blob......................3..................................................%...x.%...3.....V.....^.................I....._.................w.................G...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Resources.ResourceManager.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16136
                                                                                                                                                                                                                                Entropy (8bit):6.723144015881292
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:PaO9uvWV6zW+mYA6VFHRN7DgFDR9zTPUz9/:Pl9unPmFClDkl9zAz5
                                                                                                                                                                                                                                MD5:066BB1ECF94BF9C15F39A89C55AE70EF
                                                                                                                                                                                                                                SHA1:B711BBAD6052C4BB53D8BEA0DBB9FA64B3402DDB
                                                                                                                                                                                                                                SHA-256:78EA4958BBA58923073533245EEC77810C34DE5C4D7F8FC5F2DCB20503C39068
                                                                                                                                                                                                                                SHA-512:610558F4B5CF6F72921B3BABE28CA842EFCE97A85FA4FABAD91FB8EB92ECBCF5154A52E185965347974720D0E377239DCBEFE00940F4F28BA78A6438A8B5547D
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....!..........." ..0.............n*... ...@....... ....................................`..................................*..O....@...................)...`.......)..T............................................ ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................M*......H.......P ..H....................(......................................BSJB............v4.0.30319......l.......#~..|...,...#Strings............#US.........#GUID...........#Blob......................3................................................9...........U...................A.....A...........A...r.A.....A.....A.....A...Y.A...i.A.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Resources.Writer.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):51464
                                                                                                                                                                                                                                Entropy (8bit):5.757823712774265
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:tIc32LPcTNq2irs+I3312/gb04IhFCloU9z64:tZGLkxq2iy3F2c0Rifzl
                                                                                                                                                                                                                                MD5:474F5DACA75A68CCB27640CA24FD360A
                                                                                                                                                                                                                                SHA1:68A5F5EF287E31046B5B90C58DD4D9727E0B1E1E
                                                                                                                                                                                                                                SHA-256:9175EF26F74399E465C8053B142704EFD03727FE9837A5EC608433A417DFE326
                                                                                                                                                                                                                                SHA-512:E5620657ED62AA0C71ACF5E8FEC0ED47857C7776868D2374A5F48ADC9AC7F2D4DB46B055C4C9732BF315EDA9FFF78F9347570B7A2AFF6E25D9602CA8647B1D88
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....[............" .....p... ......................................................!.....`...@......@............... ...................................................)..............p...............................................................H............text....k.......p.................. ..`.data...............................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.CompilerServices.Unsafe.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15672
                                                                                                                                                                                                                                Entropy (8bit):6.804784998922409
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:m7xAvH5HmWgJ2WQkWxNzx95jmHnhWgN7a0WECSj9BtaFFX01k9z3Ay3myt5D:MCgWgJ2WQLX6HRN7JCc9WR9zBT5D
                                                                                                                                                                                                                                MD5:C491FA202B388C62A783E9E7B8219531
                                                                                                                                                                                                                                SHA1:4DB62FCC3451FE365B96AC8F6AFB8B36A310D0A7
                                                                                                                                                                                                                                SHA-256:2DC6D8D20AF5A36257AF1E816F289F3F21611E811DBE9AF20966E5D4E701B7E1
                                                                                                                                                                                                                                SHA-512:2046C41F7F5CD99020FA5784B8656636CE6AD2EC35295AC580704314622841812F4293C08847C01AE2DB833AEAB4DF2DF59BC33812423121FD1DFC9FF42A04FF
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............J)... ...@....... ...................................`..................................(..O....@..................8)...`.......'..T............................................ ............... ..H............text...P.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................))......H.......P ......................h'......................................BSJB............v4.0.30319......l.......#~......d...#Strings....p.......#US.t.......#GUID...........#Blob......................3..................................................4.....4...Z.!...T...........@...........p...........U.......................<.....n...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.CompilerServices.VisualC.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):31032
                                                                                                                                                                                                                                Entropy (8bit):4.668485682155773
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:eWsCLWChjxoeaVEEfX6HRN7hq+GkELRPR9zjOCI:NBpapWhqGQ9zK3
                                                                                                                                                                                                                                MD5:511A6CD95CB5E50ACC7C7B97F8DE3531
                                                                                                                                                                                                                                SHA1:3AE756447C028A59CBCFB20CEF96483337DE4B5B
                                                                                                                                                                                                                                SHA-256:2CF2328B2BB67EFB7A4021E6B1093282826A7D221BD3B3B57C145E5E13374456
                                                                                                                                                                                                                                SHA-512:033E5553663D65A66007021D5773BB3046C2B24D51A991C83E1B025170E9D04B910273467CBAEC9CDE12B79DB10E2C9685AF5722BBACD603EEEA5ACB565F4788
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....b{..........." ..... ... ...............................................P.......6....`...@......@............... ......................................$........P..8)...@..........p...............................................................H............text...~........ .................. ..`.data........0.......0..............@....reloc.......@.......@..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.Extensions.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):18224
                                                                                                                                                                                                                                Entropy (8bit):6.562338179216365
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:5/Sj5rt9x+vFW8gNWXNX6HRN77pGR9zqYI:5qj1tSOIW7Y9zPI
                                                                                                                                                                                                                                MD5:33FB9BBBCBA3E7BBBD7BA9216958008B
                                                                                                                                                                                                                                SHA1:7660B39FDF52E35EDF106D6900F2C7862121EEA4
                                                                                                                                                                                                                                SHA-256:C31F0812B87812A10627C8603CA265E1A33927047134B1DD5CE69356869E250C
                                                                                                                                                                                                                                SHA-512:D51FD4D60B53C8BD23BC285FF34C447CEB517C3E402A8D61DB397996C3800F268B4F0ABEBEAC12BF42B608506EDCBF66CC4A27E46C0842B9BA149DAB61E5F01D
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Y............." ..0.............22... ...@....... ....................................`..................................1..O....@..................0)...`.......0..T............................................ ............... ..H............text...8.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................2......H.......P ......................l0......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob......................3................................I.....3...................................................i.v.........N...........%.....B.....5.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.Handles.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15664
                                                                                                                                                                                                                                Entropy (8bit):6.814505381555342
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:6lfzxAd9sbIWAZmWwXWxNzx95jmHnhWgN7aIW2a3YHnsTX01k9z3A1yb9:AftoObIWAZmWwYX6HRN7+YMTR9zUg9
                                                                                                                                                                                                                                MD5:5E4C20E0A38D62A629E7009686E20264
                                                                                                                                                                                                                                SHA1:27459AD6B3431B3B522CBD4AF7CB8DA84618353D
                                                                                                                                                                                                                                SHA-256:FF10134A6AB7612D6AA2A368B1C6F3173A30CBB1ABF8D517C97895DE72132F2C
                                                                                                                                                                                                                                SHA-512:5F11D193335F8556E66A040B1D29B18BEEDEB2F3FF1DE4E59D278E9B9E45464F9B5389C7815DB5A8889BCCB754F9B7F6E58B4535FF749CC33FF701B43516CEDA
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....{..........." ..0..............)... ...@....... ..............................z.....`..................................)..O....@..................0)...`.......(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................(......................................BSJB............v4.0.30319......l.......#~..D.......#Strings....0.......#US.4.......#GUID...D.......#Blob......................3................................................(.`.....`...f.................L...........|...........a.......................H.....z...................(.....(.....(...).(...1.(...9.(...A.(...I.(...Q.(...Y.(...a.(...i.(...q.(...y.(.......................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.InteropServices.JavaScript.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):51480
                                                                                                                                                                                                                                Entropy (8bit):4.96736494913135
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:bOxGMiFMwIIARptGdwWxroe+MH1Q+k71pb52BWAD9zh:bOwMiFMwIIAR3GwWxUezVzkjbeWApzh
                                                                                                                                                                                                                                MD5:B3CBC3F39F271F7E23A0959D2C4A26CD
                                                                                                                                                                                                                                SHA1:FD29277A423DF0E2C107E3C306228C665767E99E
                                                                                                                                                                                                                                SHA-256:B5415B6BE10C1E87BF8FAF4206471EAD93E0AA4F445CA8CD9F35B8EAF8158D90
                                                                                                                                                                                                                                SHA-512:A0D7B80F572ACFA60B92CBBDF06EDE4050944281D96E419DED9C014DA085387B2A9D841BC28E5DC88562BF92720E6AFC516E744E16FA4E9C4E6E1C173CEC744E
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....m..........." .....p... ......................................................._....`...@......@............... ..................................$................)..............p...........................................................(...H............text...Zg.......p.................. ..`.data...............................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.InteropServices.RuntimeInformation.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15672
                                                                                                                                                                                                                                Entropy (8bit):6.847005993457445
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:K7e1enxAbDNrWHDUWMqWxNzx95jmHnhWgN7a0W0kzj9BtaFFX01k9z3Ay3mKPUpc:KCUxQBWHDUWM5X6HRN709WR9zBbMc
                                                                                                                                                                                                                                MD5:13D864886ED9DAF09E800B3851B4A05E
                                                                                                                                                                                                                                SHA1:5F7DE3337CD71E167B6D70626D29DC7139AB765C
                                                                                                                                                                                                                                SHA-256:357797FEA3E2F1FAE6DB8F47AA096BDC35707BEB16EA912019877812708841D4
                                                                                                                                                                                                                                SHA-512:F561129CEEB84C4C0AE1C605887907E9ABA9BF20A5107828F706D3A5BD075C87C918B0551845208D81A1AD65CE7844044187430F943EEF8253FD257AC6E937F7
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...C./..........." ..0..............)... ...@....... ..............................&.....`.................................{)..O....@..h...............8)...`......X(..T............................................ ............... ..H............text........ ...................... ..`.rsrc...h....@......................@..@.reloc.......`......................@..B.................)......H.......P .......................'......................................BSJB............v4.0.30319......l.......#~..(.......#Strings............#US.........#GUID...........#Blob......................3............................................................@.O.........k.....&.7.....7...V.....l.7...;.7.....7.....7.....7...".7...T.7.................I.....I.....I...).I...1.I...9.I...A.I...I.I...Q.I...Y.I...a.I...i.I...q.I...y.I.......................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.InteropServices.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):96544
                                                                                                                                                                                                                                Entropy (8bit):6.028171254215127
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:4o6MupEelCtJfKS6+67NspnSPM+l5+CkmVhKWHOiOyzUizB:4o6R3lCto+dSPM+rJkm7NOxMUil
                                                                                                                                                                                                                                MD5:1DF866F691DEF4290407F5CF01B996AD
                                                                                                                                                                                                                                SHA1:B2BA5AF3F80AAB63EF2FECF6341B44DEAE201AC1
                                                                                                                                                                                                                                SHA-256:127EA3F2FF47CEA14C082B2ED22066554D22C9D8F97DC0D403B17042FAC62A5B
                                                                                                                                                                                                                                SHA-512:6F96AEC2ABF7F6E96B7699F67CC8547334277C8E502E6ED357713C54B68FAF264B1843EA42E6AB0F7C6AD7DCC1098B9042E1D5F15E93DB6F8D346F613D1F6A1D
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....]............" .........0...............................................P......>.....`...@......@............... .......................................(..\....P.. )...@......`...p...............................................................H............text............................... ..`.data........ ... ... ..............@....reloc.......@.......@..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.Intrinsics.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):17208
                                                                                                                                                                                                                                Entropy (8bit):6.6141833133111865
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:JYzYQZrDroWmyLWyoWxNzx95jmHnhWgN7a0Wdd7/mcj9BtaFFX01k9z3Ay3mIamu:JYkA3EWmyLWyHX6HRN7k7/mi9WR9zB7I
                                                                                                                                                                                                                                MD5:66227035D9417A2E4B4FA6598FEA969C
                                                                                                                                                                                                                                SHA1:398C254B721337177A5BB236D49CA6E2B218095E
                                                                                                                                                                                                                                SHA-256:3A18C5B41B723D5DABA3088D621D4EB8DCEB97FA9B2C4A850D54FD4381DC3C22
                                                                                                                                                                                                                                SHA-512:26D4059CB06967641E5A935B36A7AB50FCCE0B7374E62BFE275B2C138B46ED9B8CF1E4B1F7C029586B8D9DD913F736EEED8C7E489A5FF682AAEF67DC2202E0E5
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...{............."!..0.............~/... ........@.. ..............................^.....`.................................#/..X....@..................8)...`......,...T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................`/......H........ ..\...................P ......................................E....H.m`.D...&....z../.....~..%....A.:.~.bX...........d.kS..F.z...z.......*.....(..a .L.J~,&_kh.I.4..FNO.{B.-S.e.S.....j....BSJB............v4.0.30319......`.......#~..P...d...#Strings............#GUID...........#Blob......................3................................M.....I.........B.$.....$...[.....D...........A.............k........."...........{.......................b.....o.......$...........

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.Loader.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16184
                                                                                                                                                                                                                                Entropy (8bit):6.74808977719352
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:pDUElhzxNeW5ZGWnWxNzx95jmHnhWgN7awW59FeHqj9BtaFFX01k9z3Ay3mRcbe:dUEl38W5ZGWoX6HRN7g9EHk9WR9zBK
                                                                                                                                                                                                                                MD5:4ED4A34C35F7B26E8E246D16C2DE6A53
                                                                                                                                                                                                                                SHA1:2FD8657B37AE7750FE1CADC7D555041063CAF821
                                                                                                                                                                                                                                SHA-256:F106DF84A047BA38B018AB7BBA10E2D2D6B2A5FFE5762CE8208C339AF3BB21C6
                                                                                                                                                                                                                                SHA-512:3A7CC11E455ED511313366B5A2527BC52698B8958E9E7E20B56768C9561D10BBF13A2D327AE0467A5DC64F7643B8D16D6A65CAE1C4E1CED6F62360C9C535F90F
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...pp............"!..0..............*... ........@.. ...............................;....`..................................*..X....@..................8)...`.......)..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H........ ......................P .......................................1cc=.m.y-v..Z......9,.....8.5.....R..k.....tk.MM.i....s.^.Qx.D#$..t...3......@<........gy+.n.....^...#W....$b*2..b.C...BSJB............v4.0.30319......`...(...#~..........#Strings....0.......#GUID...@.......#Blob......................3..................................................P...X.P...p.....p.......v...V.....z.....).......1.....1...?...........>...............................P...........

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.Numerics.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):330024
                                                                                                                                                                                                                                Entropy (8bit):6.652134966205565
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:K103Ufy7eeqvaM7BWp5lsQV57Q5t9dtIKcB9+:K10kfy7eeK7MlRV574t9dtUz+
                                                                                                                                                                                                                                MD5:3ACFFC369AECF966DD9C9E1F6FB966B6
                                                                                                                                                                                                                                SHA1:AA0A79D6AA6760A71B2A2E47E03BE0A43892FE1C
                                                                                                                                                                                                                                SHA-256:55D0E21E8AD1F851E0803AC655D9FCA5BEDA6692592FEE421C179AF64109DA43
                                                                                                                                                                                                                                SHA-512:DFB97F5F791CBBD7C308754BBEB4D63A0AFF098313113B931E74CF824F67B765D3667662840BCBA8DCC9BDB07960D83408B7227A1749A6905CD1851C7C0F15D8
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .........@......................................................\J....`...@......@............... ......................................hn.. .......()......p...X ..p...............................................................H............text.............................. ..`.data...-#.......0..................@....reloc..p...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.Serialization.Formatters.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):309544
                                                                                                                                                                                                                                Entropy (8bit):6.565288812451409
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:lzv7WOXu33WPEei5EZNqHRk5XDiio9gZbzZYNAgk74dzzKL2zLjRByB+dhBDIoca:rWLtBxTDhcnFUB2aKg97zc0
                                                                                                                                                                                                                                MD5:5D3970DB4A500B2349BFA20B83BD69E8
                                                                                                                                                                                                                                SHA1:A4DDB5936ABE75A46A83A293771B2434E3C47A83
                                                                                                                                                                                                                                SHA-256:748CCE10A02BBF3D24A1C6D7FEBFF0E5A8E7AE2E9C423BC904643B8D54FE6297
                                                                                                                                                                                                                                SHA-512:3F57F56FF97E63FA130A204DA1B63811D0B77EEC9B41A70F12204855B395CAB6C6169972C20B149DB4EF6148313FCCBEAF6FDEC5F228EDC06400711F6E9C0275
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....I..........." ..... ...`......................................................+9....`...@......@............... .......................................i..`.......()...........#..p...............................................................H............text............ .................. ..`.data...'N...0...P...0..............@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.Serialization.Json.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16136
                                                                                                                                                                                                                                Entropy (8bit):6.748110626945014
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:JkByVWbuodB5W+GYA6VFHRN7ykhpR9zldp:JkByWVdBRGFCl3D9z1
                                                                                                                                                                                                                                MD5:44DBC666AD269986DA0AA1D4870DCC43
                                                                                                                                                                                                                                SHA1:787AFE4CF6DA55E71A0BB946CCF9BF41FA0FA284
                                                                                                                                                                                                                                SHA-256:53BDE641865F6240C7C7228809953607A2609B72D096197EC07495E44686F87F
                                                                                                                                                                                                                                SHA-512:663BBD7021ECE6A80CE2E9A02AADA4EB5EEEE54155DEB5E389F28C3E45E7D4E31CD2E1C8A49D4F626CF5AC226B416C975AD76F0F4B4E8B756D136D950ED5019F
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................"!..0..............*... ........@.. ...................................`.................................W*..T....@...................)...`......P)..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H........ ......................P ...........................................!....Id|....I.;........( G.h...Fb..U.<A..YM...s...<7.i)h.'?.....]...-...c.+.?..P..mR.="..^......Y....(y[.qK..u.f....zBSJB............v4.0.30319......`.......#~..x...d...#Strings............#GUID...........#Blob......................3............................................................3...........^.......O.....O...a.....w.O.....O.....O...w.O.....O.....O...G.O...I.........................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.Serialization.Primitives.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):39224
                                                                                                                                                                                                                                Entropy (8bit):5.151825928966964
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:tHWFISJBrW2ANFdBha0I5qzv80n+a8+gEOR9pnUkO2akIGt6HHD9ax15JRXSCX6r:tqxJBgjaVyU+g99pns3KNWw9zn2
                                                                                                                                                                                                                                MD5:977C08FFE5527A368DD5DC4F6E5743D5
                                                                                                                                                                                                                                SHA1:A9BDBEC552469651D6B74AAAA211DB2895BAD869
                                                                                                                                                                                                                                SHA-256:1439D12A15B1745DAC140FBBC659638D665A86F7ADDA6B4369D9F50E008256A6
                                                                                                                                                                                                                                SHA-512:0A588E32424B43D3EA74A7A8FFD7F54BD069F4BADF7A4C134DB8A8A25EBC49FCB472A3F76CC08FC2C9FCA026AE8FF6E05A2C943E45D757B09447C105343664D8
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...w+............" .....@... ...............................................p............`...@......@............... ...............................................p..8)...`..,.......p...............................................................H............text....>.......@.................. ..`.data........P.......P..............@....reloc..,....`.......`..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.Serialization.Xml.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):17200
                                                                                                                                                                                                                                Entropy (8bit):6.683002357395069
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:awskrZI8NuKRMWsBfBBgWP5X6HRN7Mz9bt5R9zEx3g:6krZI8NuKRiJBBTWIx9zP
                                                                                                                                                                                                                                MD5:992AA05D8ABFFC669C94BD88A399D792
                                                                                                                                                                                                                                SHA1:916EF573E5D82591100DD06C6A6FA8C80A7418E8
                                                                                                                                                                                                                                SHA-256:D37E6A8F6B3882C3F601C80880E6A9721C42A175C29F553695B42C16774585B6
                                                                                                                                                                                                                                SHA-512:087F0A38A67246FADB517F54A0BEBFD11D7725D90960822137FAA82A3661FD18033C9761E70BB24D7551C84902D07721E2D10D1C8250BB51C53385136F78485D
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....M..........."!..0.................. ........@.. ...............................5....`.................................M...N....@..................0)...`......H-..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B........................H........ ..x...................P ........................................"...;..%..;.......L.Q.^2~.m.o/6...."....8.jQ.>.fn..*....b...>.?+.J.[...p{.+.So...z..f...0..T....>V.Z.ug.9..4.....;\...)BSJB............v4.0.30319......`.......#~..........#Strings............#GUID...........#Blob......................3................................"...........................W.a...............=.............Q.........R.......................9.....k.....m...................A.....

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.Serialization.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):17192
                                                                                                                                                                                                                                Entropy (8bit):6.684282851066347
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:LkXP2tNCj8N8LWgMr4BHWGYA6VFHRN7GkELRPR9zjO0jQp:LkXutNCj8N8Po4BlFClxQ9zKhp
                                                                                                                                                                                                                                MD5:1B4D714283918CC3F29285ADCC30CAEE
                                                                                                                                                                                                                                SHA1:FE85DD75367C8AB9AA9CD6430C553A18237C1F8C
                                                                                                                                                                                                                                SHA-256:06CD0BD2011F05F72D0F413489443354D7946A33F6B78B1DFDC939A8F9080696
                                                                                                                                                                                                                                SHA-512:314EAA273347B7A28DEACB78E25D6495090E8DC5594C3CF443DE7D5EB748014B37EA19BA36543FCCC7FA6CCB1C259E33AAF662B05AF3F824B8717E67E555884E
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....*............" ..0............../... ...@....... ...................................`.................................y/..O....@..................()...`..........T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................./......H.......P ..............................................................BSJB............v4.0.30319......l...d...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................~...<.~.....S...........Z...a.;...{.;.........#.;.....;...0.;.....;.....;.....;.....;.................3.....3.....3...).3...1.3...9.3...A.3...I.3...Q.3...Y.3...a.3...i.3...q.3...y.3.......:.....C.....b...#.k...+.....+.....3.....;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Runtime.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):43816
                                                                                                                                                                                                                                Entropy (8bit):5.851306072446327
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:2+1fsSED2vCeDQvRzXB3gWql6375IVxedktN7xPBhwsR/JG39QRoNvsh2JcfoDLu:KB/LuYdy50b4b7RSHTSkingzIh
                                                                                                                                                                                                                                MD5:DAC7D72763E59A64C0D706325B747D92
                                                                                                                                                                                                                                SHA1:5890F0EE30B86E01AB55D6017261554D16F6C916
                                                                                                                                                                                                                                SHA-256:9C506C9347F872C3375255F744DCF83B71A96FF71CBF4A19B39873FA22F73C22
                                                                                                                                                                                                                                SHA-512:4218CA96D6D2D4E24E3B6A70A87890A9035156D522D217F48999870F644548A7BC5C09B78B23DE41C5974C375F9D03ED49054A173B4230AE835FF808469CE50A
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................"!..0..x.............. ........@.. ...............................y....`.....................................V.......X...............()..............T............................................ ............... ..H............text....w... ...x.................. ..`.rsrc...X............z..............@..@.reloc..............................@..B.......................H........ ...u..................P ........................................!..d.?..:9.S...J.!j.op<.\.M...=...hQ.Y.5.../...Un].......)<..E....H..Ltf.'..*......R.....b.~.. t!...]....?..F.4.RBSJB............v4.0.30319......`....2..#~...2..T@..#Strings....<s......#GUID...Ls......#Blob......................3................................{......#...........6..`..6....m6..(7....4.. .....%.....%....m#.....6...!.6..&..%.....%.....%..s..%.....%.....%.....%.....6..........

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.AccessControl.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):231696
                                                                                                                                                                                                                                Entropy (8bit):6.491225217557608
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:7XHFwjow9j0rKu8bmb3KD/L8V8/6Xe9QF+wVkjoxFwGzXGA/+PXuPXpP:hwjow9A4bmrA/mtFdWfuPh
                                                                                                                                                                                                                                MD5:AEC18CE525B03B3359FBC19E00D6FDED
                                                                                                                                                                                                                                SHA1:F69D5504D3A4107B43E743FB714B2EE8C340178A
                                                                                                                                                                                                                                SHA-256:DE77B6A860B6D1E9DBB6E260EF352AA9981A4A76C18A3BD144A6F8F041BBCF64
                                                                                                                                                                                                                                SHA-512:0D7BC1B94563186D36276E57FAB09D85F1269BBA230331077F61C8E96F53A0F97B99AFA6E6859C8A0F378C2B44979B2098C3841FF639B134041459C69FCE985D
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....}............" .........@...............................................`......-.....`...@......@............... .......................................V..t....`...)...P..H...X ..p...............................................................H............text...S........................... ..`.data....$... ...0... ..............@....reloc..H....P.......P..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Claims.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):100632
                                                                                                                                                                                                                                Entropy (8bit):5.968533454375661
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:mt2q/as3w2pm4X+bX5SdluDQu6O/UZxOQwQ7rzUU3q2bP64LrSjYFFQWEzwC:mMU3LpmG+bJS7uP+pXSsFKvT
                                                                                                                                                                                                                                MD5:31E935263D51F39C224E403BD5D7CC00
                                                                                                                                                                                                                                SHA1:8AF5EFBC150D8F944ADF84F89BFD9C11D00183E1
                                                                                                                                                                                                                                SHA-256:9AEDEB23632F45084722906CED314074FB14E08478545A221AB6476FEBBAFF0B
                                                                                                                                                                                                                                SHA-512:6B95226C760DE73C85A4A9ED972C1F51F14B50087BCCAC290A31813FF3F6F882F7B5C7EE21352F504ADCB7324214827D32BF9FE1DC34447520D97A7C12758D1A
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...m............" .....0... ...............................................`............`...@......@............... ......................................x+.......`...)...P..8...H...p...............................................................H............text....#.......0.................. ..`.data...{....@.......@..............@....reloc..8....P.......P..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Cryptography.Algorithms.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):17680
                                                                                                                                                                                                                                Entropy (8bit):6.616772216364839
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:nXqqGWqkBWxYA6VFHRN71aEpcR9z0B7i7:XVFoFCl1aEpw9za6
                                                                                                                                                                                                                                MD5:3E2C2FBEF86A88B2BF2FD8B177FD6D0A
                                                                                                                                                                                                                                SHA1:3B2B791ADBF69F9A37597B80FBA9E9932E49A6BD
                                                                                                                                                                                                                                SHA-256:A28C5AD8CFC585C3D225B07AC28C359EACE65765EAA306FF44D7A6511262792D
                                                                                                                                                                                                                                SHA-512:6671151577CC961CE2C016543EE78C6197ED5BA9ACBAD855641AF5F661BB0BB4A5253E9E7BB5AE52253ED451F90818289826C242659ECCE405C25F1B0092C83D
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....A..........." ..0.............V0... ...@....... ....................................`..................................0..O....@...................)...`..........T............................................ ............... ..H............text...\.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................70......H.......P ..$...................t.......................................BSJB............v4.0.30319......l.......#~..t.......#Strings....|.......#US.........#GUID...........#Blob......................3................................>...........................?.....6.....j.....%.d.....d...U.M...k.d...:.d.....d.....d.....d...!.d...S.d.....H...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Cryptography.Cng.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16664
                                                                                                                                                                                                                                Entropy (8bit):6.725385029818809
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:GvVnAxNaH3xA+Dr+jWx2fWRFWxNzx95jmHnhWgN7agW3GByMyttuX01k9z3Al6td:mbHh7KjWx2fWoX6HRN7W2cSR9zi6tL5
                                                                                                                                                                                                                                MD5:B00B172EC15D23D3BED84FCFA40D59D2
                                                                                                                                                                                                                                SHA1:2B98143649573E5DF30EE989D46D1DE956BDFC4F
                                                                                                                                                                                                                                SHA-256:A589AC8A9E90BA4F3E96CEC8B360B894DAB5FBDEF0004EF428258A9DC28D309B
                                                                                                                                                                                                                                SHA-512:3822F4DC24FF40893470D15E05E4E54933D19350227CF07696231A8C7EAF955AC4B303C075FED0AE2AB6C25BF790F889178C06F340F2D22BFA342231EEE6E5F9
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...#..........." ..0..............,... ...@....... ....................................`..................................,..O....@...................)...`.......+..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................,......H.......P ...................... +......................................BSJB............v4.0.30319......l...<...#~..........#Strings....0.......#US.4.......#GUID...D.......#Blob......................3......................................d.........J.!.....!.........A.......J...n.....,.........................................j.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Cryptography.Csp.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16152
                                                                                                                                                                                                                                Entropy (8bit):6.795290241765418
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:sSbUikV/AvcaTAFCA3xAiHIRWLgtWhW+WxNzx95jmHnhWgN7acWVxwVIX01k9z3G:RbUlhfIRWLgtWwFX6HRN7eR9zEOrc+E
                                                                                                                                                                                                                                MD5:E593AE76E4CFAC375120915947952FF6
                                                                                                                                                                                                                                SHA1:8015474D50021C65A65867636086E4A8A3A6F347
                                                                                                                                                                                                                                SHA-256:5DA38D4A9EB67C2EF23B416A505E0FDB2A22FD5FE45D241645B37B5B5F0BCCE8
                                                                                                                                                                                                                                SHA-512:43C7368A394B119839BAC8FC2B0F9213307C84F297CE480C0BFA3DF6300F3AA7B55E64E789D1EF619E88364387CB11D2228015D3A2CC8338596348D7B2772A0D
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...6J............" ..0..............+... ...@....... ..............................".....`.................................}+..O....@...................)...`......|*..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H.......P .......................)......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID... .......#Blob......................3......................................................x.....3.n.........^.................I....._.................w.................G...................h.....h.....h...).h...1.h...9.h...A.h...I.h...Q.h...Y.h...a.h...i.h...q.h...y.h.......................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Cryptography.Encoding.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16160
                                                                                                                                                                                                                                Entropy (8bit):6.7458016577263
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:szoXpW5ZWWLhX6HRN7SmO/7R9zj2INRSX:szoXGDpWfOF9z6b
                                                                                                                                                                                                                                MD5:FA0C6A5EBA91D8A8B17232345900DD2D
                                                                                                                                                                                                                                SHA1:75AE67259791C5D4F580A9D2E0E7A892CB3B0902
                                                                                                                                                                                                                                SHA-256:AA82B36AF87D73B54AB0F0E5EFD9FDB16AAA6D3F385F238364ACD36E482999F6
                                                                                                                                                                                                                                SHA-512:8A76EF22006A7D4D3DF580CE00D310574251A91E942400E39637B57840EFE8386E51E27C92839E63038397CC900EFF43FEFD68A6E8820FF0C03CAB924F7DF812
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...z............." ..0..............*... ...@....... ...............................w....`.................................s*..O....@.................. )...`......h)..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H.......P .......................(......................................BSJB............v4.0.30319......l...L...#~......<...#Strings............#US.........#GUID...........#Blob......................3................................................ ...........^.................D.d.....d...t.7.....d...Y.d.....d.....d.....d...@.d...r.d.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Cryptography.OpenSsl.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15624
                                                                                                                                                                                                                                Entropy (8bit):6.84073937768766
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:sygdxAWK9WAm5ijRW8ZpWjA6Kr4PFHnhWgN7acWLmFGyttuX01k9z3Al6tLw737I:ca9WAm5ijRW8ZYA6VFHRN73SR9zi6tLr
                                                                                                                                                                                                                                MD5:09D34FE80AF19BF5B77BBEFCC01F6E6F
                                                                                                                                                                                                                                SHA1:0A4FC9635C6710682C6D7FE32F91DC28C29ED7BC
                                                                                                                                                                                                                                SHA-256:F644B4FA91D1BDC0596F390C99A123C206D0115FDD18CE778A23254066F46270
                                                                                                                                                                                                                                SHA-512:E8131DB3070617A09955EFC7D267B2687A6FCFB7BD061FE027B54721C461E4D7119A0E80DD346865D187BE548001064A900479E99922835D90EC1222659D3DEF
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....r..........." ..0..............)... ...@....... ...............................U....`..................................)..O....@...................)...`.......(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................(......................................BSJB............v4.0.30319......l.......#~..X.......#Strings.... .......#US.$.......#GUID...4.......#Blob......................3..................................................|.....|...E.i.........p.....+.Q.....Q...[.J...q.Q...@.Q.....Q.....Q.....Q...'.Q...Y.Q.................c.....c.....c...).c...1.c...9.c...A.c...I.c...Q.c...Y.c...a.c...i.c...q.c...y.c.......................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Cryptography.Primitives.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16136
                                                                                                                                                                                                                                Entropy (8bit):6.783350992582665
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:IJ6y3F1cxAKh7jWI+3WepWjA6Kr4PFHnhWgN7acWWPVs8RwX01k9z3AzBhJ:pW7KLWI+3WeYA6VFHRN7Re9R9z6HJ
                                                                                                                                                                                                                                MD5:67BD5079FEA8657220315ED9B2DBAF97
                                                                                                                                                                                                                                SHA1:63F0A66127FEF3021E2B64B53758FF202C3318FD
                                                                                                                                                                                                                                SHA-256:13BC715968175667FEC2E02B13300F5DE2A867B754B79439D2633FF3F9240560
                                                                                                                                                                                                                                SHA-512:05B77B8A04F623F79E91D3381FFBABE7865089EFEFBEB29CDB016856C80D2CDEEB72473872D237B9A23F937CEE82021165BFF05E51065C4F8DE71B5B273A6EA7
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...{x..........." ..0.............z+... ...@....... ..............................9.....`.................................'+..O....@...................)...`.......*..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................[+......H.......P ..H....................)......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob......................3................................................4...........r.................X.............(.........m.......................T.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Cryptography.ProtectedData.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):37656
                                                                                                                                                                                                                                Entropy (8bit):6.5556240105252215
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:2iw9pjvYwx7FVx7YvcT+ClqBN0WrRxw9zew:2iwLkAFXfllq0WrIzew
                                                                                                                                                                                                                                MD5:FDA921FB799406EB3F8F68B23A4690A4
                                                                                                                                                                                                                                SHA1:9BF2AB8EE33A83F88898AE1E29C9EE58B298A277
                                                                                                                                                                                                                                SHA-256:DF4611DE8DA1B0A9C643C94CDCE53FCBCFF3B6169AC6482DB917D47DD3BCA0C6
                                                                                                                                                                                                                                SHA-512:D142EF66DBAF43E5F0A20DAD448F0FA1F903B42318A0B310DB3B29B9DBD27FB62C6CBB635CA6D5ABE61CFBE3E5BB6186D28D8E11E8ECA12239A2ACAFF4944C90
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....x..........." ..0..^...........}... ........... ..............................yE....`..................................}..O.......(............j...)..........||..T............................................ ............... ..H............text....]... ...^.................. ..`.rsrc...(............`..............@..@.reloc...............h..............@..B.................}......H.......8'...N...........u..8....{........................................(......2.. ...._ ....`..s!...%.o"...*..0..........r...p..(#...-..*.*.~u...*....0..........(....,..*..(.....o$......&...*..............*....0...........(.......(%...-..,..*.*.(....,.rO..p......%...%...(&...*..('...*.(....,.rO..p......%...%...%...(&...*...((...*.(....,!rO..p......%...%...%...%...(&...*....()...*..,&(....,..rO..prO..p.(&...(*...*..(+...*.*.(....,.rO..p......%...%...(&...*...(,...*.(....,.r

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Cryptography.X509Certificates.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):17184
                                                                                                                                                                                                                                Entropy (8bit):6.739673851144617
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:kw7H2ocvxA4fjxWemfWkqWxNzx95jmHnhWgN7agWMVkCY00pyEuX01k9z3Aly+E2:DH2ocZpWemfWk5X6HRN7LVVEpcR9z0Bv
                                                                                                                                                                                                                                MD5:3CC8CAEBB57D05D1909F39A6D647B901
                                                                                                                                                                                                                                SHA1:29F8797E4DD7F5BCD863FFBB7888029BD363361B
                                                                                                                                                                                                                                SHA-256:5826E377C017BB5C872E173DB728BB38FF072D1E0FB26B8E19B9ECA088752918
                                                                                                                                                                                                                                SHA-512:927D96034350439D2DE069018158A2A9F2C9BDEA8520AA09B3232ABD2C2283B41EEBD2A661A46333D4F95339B5191FC72F6F192FE7C6C6C4428BAD5661CC76C7
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...K............." ..0............../... ...@....... ....................................`.................................s/..O....@..H............... )...`......X...T............................................ ............... ..H............text........ ...................... ..`.rsrc...H....@......................@..@.reloc.......`......................@..B................./......H.......P .......................-......................................BSJB............v4.0.30319......l.......#~......T...#Strings............#US.........#GUID...........#Blob......................3................................-.....r...............'...................X.....k.....k...........k.....k...i.k...&.k...C.k.....k.....k.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Cryptography.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):2050328
                                                                                                                                                                                                                                Entropy (8bit):6.67414937170935
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:49152:edeK2ZryEXV6VZMxfVRVgmJE2Jjd6ECxObm8w3b41R:edeFfxfxgeu41R
                                                                                                                                                                                                                                MD5:18921E60094E6EEB74476CA10F785368
                                                                                                                                                                                                                                SHA1:CA39FBBF0481B521F289C189892CD4BDC6D2D09C
                                                                                                                                                                                                                                SHA-256:028606C9C16ACDE6BC7874809E2417FE6FD7BA94D3DCFD04CFCE5A4C21F16FF4
                                                                                                                                                                                                                                SHA-512:0BC5B20C232E9F13EC372FA6BE23DE495D9EE0FDBB577C104EBCDA0EE349F9282A68B3C88997337EC2ABF0DAC01885143BC9188B3308CAC5C1263112CDF8495F
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d..............." .....`................................................... ...........`...@......@............... ..........................................d.... ...)..........P...p...............................................................H............text....V.......`.................. ..`.data.......p.......p..............@....reloc........... ..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Permissions.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):92536
                                                                                                                                                                                                                                Entropy (8bit):6.1674565969059065
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:MOL/mLfHu4bKQI8qWMbnFMRyWBLa+o6jcxbgbfW:efpKQI8LMjFMzBLa+o6jtK
                                                                                                                                                                                                                                MD5:3A92C18C24D85F60F23BECD852F1510A
                                                                                                                                                                                                                                SHA1:F8EED1FAD4218F32A1251FAC65D42DBED903FC77
                                                                                                                                                                                                                                SHA-256:74EF3B67960A9B569FED9AC457157769DBFE433B0F4FA13C52167C2246BFED71
                                                                                                                                                                                                                                SHA-512:BACDF908AD5A92577EB12EF3A7342B8D4DAC67C5D8FDEEEAE044677D0D35DB64CAF9878C1F1B96F30549849AF3351588AA5271C1C6D2B6003658554E553D4911
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..<...........[... ...`....... ....................................`..................................[..O....`...............F..x#..........8Z..T............................................ ............... ..H............text....;... ...<.................. ..`.rsrc........`.......>..............@..@.reloc...............D..............@..B................b[......H.......(J..0...........XU..`....Y........................................(....*..(....*2.(....s....z..*..*..*.s....z..*.0..1.......(....,..%-.&.*..(.....o ......&...,...o!...,..*.*....................(....,.r...p......%...%...("...*..(#...*.(....,.r...p......%...%...%...("...*...($...*.(....,!r...p......%...%...%...%...("...*....(%...*..,&(....,..r...pr...p.("...(&...*..('...*.*.(....,.r...p......%...%...("...*...((...*.(....,.r...p......%...%...%...("...*....()...*.(....,"r

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Principal.Windows.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):186640
                                                                                                                                                                                                                                Entropy (8bit):6.420537455369693
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:72kZDNC/sCTyRdtl63xJYrwkpDCRi1CSB2TOK1BguZbKXm:7U/sC6Ll67YrLpDCR4B2rPjxK2
                                                                                                                                                                                                                                MD5:7C560E02F8DFD723471F71CB71C0CCAA
                                                                                                                                                                                                                                SHA1:C1EA98009AEA6C3B12E078965CA3472E44EDA305
                                                                                                                                                                                                                                SHA-256:59815FEAB7B47ABF6E7D4231A7081452B256704A3834C6A927A9E74C03897B9F
                                                                                                                                                                                                                                SHA-512:32120BCF4D3E5C7A5AE676688FA8F0102C752E059C5EAF8987B37EAF3436C6892F9D1E7B3C531DB808E1E554316E24ABB0E3848705517833309954EBD537B037
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .....`...@......................................................g.....`...@......@............... .......................................N...........)..........p...p...............................................................H............text....T.......`.................. ..`.data....&...p...0...p..............@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.Principal.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15656
                                                                                                                                                                                                                                Entropy (8bit):6.8053996554852345
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:CB0LZxAyk4jWVUmfW2fpWjA6Kr4PFHnhWgN7aIW5agiZTOebR5X01k9z3AZZNFrg:zLD+uWimfWcYA6VFHRN7b9bt5R9zExr
                                                                                                                                                                                                                                MD5:C9285D5497F2850234F48A0CF5619C0F
                                                                                                                                                                                                                                SHA1:1B3AEAF0C40E401C1A2B4C19EAD12314B5782DDF
                                                                                                                                                                                                                                SHA-256:902D836B8CB066DC2279E4DE0979B5A380BDCCCCFA69634BA51111CAC2BE2F44
                                                                                                                                                                                                                                SHA-512:5EE72864A21C23B1AF540DAD95D67348837467A3CE19478B02223EE220441E40388B97C8E1110452F32EC2FB04BB63B649E49860153B5B1DF3F4D37D1C37866B
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...J. ..........." ..0.............j)... ...@....... ....................................`..................................)..O....@..................()...`......$(..T............................................ ............... ..H............text...p.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................K)......H.......P ..T....................'......................................BSJB............v4.0.30319......l.......#~..4.......#Strings............#US.........#GUID...........#Blob......................3..................................................=...x.=...3.*...].....^.................I....._.................w.................G...................$.....$.....$...).$...1.$...9.$...A.$...I.$...Q.$...Y.$...a.$...i.$...q.$...y.$.......................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.SecureString.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15664
                                                                                                                                                                                                                                Entropy (8bit):6.831153527632702
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:XMBPxo2xAjD/W1O3Ww81WxNzx95jmHnhWgN7aIWbTmAg7iDtagQ5X01k9z3ADqng:El6/W1O3WwpX6HRN7lriDtdQ5R9zaqcx
                                                                                                                                                                                                                                MD5:8CC719E1BA62CA6F7BAED90FDE41BF8A
                                                                                                                                                                                                                                SHA1:6F28D219D46E0A87658E0C46C5DABEFAE795F121
                                                                                                                                                                                                                                SHA-256:1AF90D82A617AFB3BCCFEEA39B6D18CFD3A7C93CC80C8B75DBFF0FD2E75E7BD8
                                                                                                                                                                                                                                SHA-512:E693831E7C4DE5BF2BF955A64D27B84F9ACABDC2BC6D7F150C582CE05E430C36BF48B22680E9A9831AE73A0615FD522576C22DD015CDE7D629413E200E5F138C
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...y6..........." ..0..............)... ...@....... ..............................QU....`..................................)..O....@..................0)...`.......(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................(......................................BSJB............v4.0.30319......l.......#~..D.......#Strings............#US.........#GUID...$.......#Blob......................3............................................................3.Z.........^.......B.....B...n.;.....m.....m.....B...S.B.....B...w.B.....B...:.B...G.B.................T.....T.....T...).T...1.T...9.T...A.T...Q.T. .Y.T...a.T...i.T...q.T...y.T.....T.....T.......................#.....+.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Security.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):18712
                                                                                                                                                                                                                                Entropy (8bit):6.530599284978063
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:jIhDM3WsKDWYX6HRN71nRxB+R9zpj5g9Z:jIh4iPW1nRxw9z15sZ
                                                                                                                                                                                                                                MD5:0E43639AE0E98F9148C913477276A391
                                                                                                                                                                                                                                SHA1:507E7B61569746ED20B920BCAD7D5C803D1E7736
                                                                                                                                                                                                                                SHA-256:C0F486C4FC818613DFC50485F7201B5A59A79851C3CCAB2FD75EDAB2456C33C4
                                                                                                                                                                                                                                SHA-512:1340334B451CC8F81D4FF525F5EE47988E3339921A8891CB5B0026E32669FCC0363D560478C05A81A7AAE4C81CE018CBD0DD6510DE94DED13B0892CF0EB424D7
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...OZ............" ..0..............4... ...@....... ..............................+y....`..................................3..O....@..X............ ...)...`.......2..T............................................ ............... ..H............text........ ...................... ..`.rsrc...X....@......................@..@.reloc.......`......................@..B.................3......H.......P ......................P2......................................BSJB............v4.0.30319......l...H...#~..........#Strings....h.......#US.l.......#GUID...|.......#Blob......................3................................O.....................0...........3.......x..... ..... ........... ..... ...r. ..... ...*. ..... ..... .................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.C...+.Y...3.o...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.ServiceModel.Web.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):17176
                                                                                                                                                                                                                                Entropy (8bit):6.64645995156569
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:y3nspYI7GWGlM5W6WqWxNzx95jmHnhWgN7acWUlM/wKUWX01k9z3A/ylK:ptGWyM5W/5X6HRN712R9zUoK
                                                                                                                                                                                                                                MD5:E6CEF184273D2FE35362FF4E5D866FF7
                                                                                                                                                                                                                                SHA1:F6A57545875E5B8E1C8C05C0040BE9EA78207E3E
                                                                                                                                                                                                                                SHA-256:3D08EB5338C0C588C1ABD53FE726BAE0607E0B50312F0079B678E3759FA1ABBF
                                                                                                                                                                                                                                SHA-512:83D7671DC0B7E99068C8F322B1A81B090B54379EBEE2F9D6FED4104A138BDA4202EB92394B003134B73B9A2317A6592AD304C1435C7EBE5DA1953B1761130477
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....1..........." ..0.................. ...@....... ..............................i(....`.................................7...O....@...................)...`......H-..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................k.......H.......P ..x....................,......................................BSJB............v4.0.30319......l.......#~..8.......#Strings............#US.........#GUID...........#Blob......................3................................&.....................?.................%.].....................&.................>.....[...................{...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.C...+.Y...3.o...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.ServiceProcess.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16168
                                                                                                                                                                                                                                Entropy (8bit):6.754179132368782
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:9NNuGxAo1BpWnielpFWYilpWjA6Kr4PFHnhWgN7aIWjvkYHnsTX01k9z3A1WdS:NHHpWnielpFWpYA6VFHRN7BYMTR9zUS
                                                                                                                                                                                                                                MD5:E5C676801CA76BCBF074E99710503F02
                                                                                                                                                                                                                                SHA1:63C05E75C9862CFEE2B26FCA0BE3F1FB4C37E175
                                                                                                                                                                                                                                SHA-256:634A5D94940A58BC90AFC5DFC90839359B0A9B2F7E0D7F12CDDA3281DF96418F
                                                                                                                                                                                                                                SHA-512:4CFB1A78F5698345174BBA119D51E48BC85A8381D8174231A7A2DD65C0281E726E34260B5EA5D1AD71DF5580070D4B4017CA4D3D9CF0592CA25600EE58FFD328
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....`..........." ..0..............+... ...@....... ...............................&....`.................................?+..O....@..................()...`......T*..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................s+......H.......P .......................)......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob......................3......................................!.........f...........\.....:...........B.^...H.^.....;.....^.....^...+.^.....^.....^.....^...p.^.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.C...+.Y...3.o...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Text.Encoding.CodePages.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):862512
                                                                                                                                                                                                                                Entropy (8bit):7.457167201577773
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:12288:pf7xn7kZQ6kliVreJIHHr0tRYbKr2KtG9VKABC6rPSYBKgTWeybo:pD9km6k/IwRYbiBeKGCBYTyhs
                                                                                                                                                                                                                                MD5:ECB1B379B3BCB01ACB12FAEEDFC5D01E
                                                                                                                                                                                                                                SHA1:69BBEA3B222FF7566FA746572022F77F81122AF7
                                                                                                                                                                                                                                SHA-256:85F3296C927E27E28461F6325A05504C0AEA8B93CA79691542E2A9E9AF92D3C9
                                                                                                                                                                                                                                SHA-512:CC3E2AF695AF5AF4CCFDD981B15175A2525EAEBEB9BCB87C094E23FB156C7A50651B6600961741A0CCB1F7ACF2D38394F5395A846736371CAA6A1FD21FB1643F
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...3l............" .........@......................................................g.....`...@......@............... .......................................B..p.......0)......<...8...p...............................................................H............text............................... ..`.data...`!.......0..................@....reloc..<...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Text.Encoding.Extensions.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16160
                                                                                                                                                                                                                                Entropy (8bit):6.7352349940283025
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:h7mXhp/SxgZW6sJWDWWxNzx95jmHnhWgN7agWP3zzccADB6ZX01k9z3AqRrimR:h6xiUW6sJWDdX6HRN7azzccTR9zlRrT
                                                                                                                                                                                                                                MD5:7B3BDED48604BACF38173A19CB38F269
                                                                                                                                                                                                                                SHA1:9D15D2AD99F7437C9AE1775898C739712F8E5F93
                                                                                                                                                                                                                                SHA-256:A875D0785CAE18EE30DB531303C166BA1A1D30C0CA4AB8EDD38FE04056F91EAA
                                                                                                                                                                                                                                SHA-512:A34CAD7DC195B6C5B8A5C89E3A93083B1D401B5F772807524CEDE69210B04BF8FE746D9925C2FDB18B8D0F7636CFDFE48CF26FB0095500739CDC48E141BF344A
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."!..0.............^*... ........@.. ....................................`..................................*..X....@.................. )...`.......)..T............................................ ............... ..H............text...d.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................@*......H........ ..0...................P .......................................:...f.r....j..:..........u.z..n...7..&.....:..75o.=n..j~~.Qe..S..H....B.u.:..S.......Jw..........."U.I".$.1.........J/D.\BSJB............v4.0.30319......`.......#~..`... ...#Strings............#GUID...........#Blob......................3......................................O........."...........;...........f.!...!.z.....z.....s.........;.......z...[.z.....z.....z.....z...B.z...O.z...v.............

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Text.Encoding.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16152
                                                                                                                                                                                                                                Entropy (8bit):6.725439980411438
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:vzLJxAKpjWfgNWeWQWxNzx95jmHnhWgN7acWGPh3PMx6RMySX01k9z3AcyxaNIP:jJWfgNWzPX6HRN7PP9LMR9zPyyw
                                                                                                                                                                                                                                MD5:A16009A8EEBE01B264F1BD291D51DAFA
                                                                                                                                                                                                                                SHA1:7B4646DF65B243BBF2134594B08082F7CFE8F4A1
                                                                                                                                                                                                                                SHA-256:5F1FAA88187672DC240B18D4199BB8040BBE8F3F7EEC939DEC5ABB1407137D22
                                                                                                                                                                                                                                SHA-512:8EE0BDDA4F5BCDEB139C0D225E10385DA131808E7279EBBF2ED81CED81797A4E9118FCBCBAE46C07545D0B9D5C0527B81FE63E8543FDDC55125560518E676B9F
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...ql............" ..0..............*... ...@....... ....................................`.................................a*..O....@...................)...`......x)..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H.......P .......................(......................................BSJB............v4.0.30319......l...T...#~......T...#Strings............#US.........#GUID...(.......#Blob......................3......................................M...............x.....3.....7.....^.......m.....m...I.f..._.m.....m.....m...w.m.....m.....m...G.m.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Text.Encodings.Web.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):133416
                                                                                                                                                                                                                                Entropy (8bit):6.122557067980221
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:2bTDQlE37ykm3E5T+zpq5D3lhjdPTp8K76+d05HzdyRNX3Mpm4+SqUTiSc9zt:2bTDQlZx3E16qvZ5N77uLINnMkSqUT4R
                                                                                                                                                                                                                                MD5:3AD11258AF678B2C75F0010EF78BC7EF
                                                                                                                                                                                                                                SHA1:68B5984401243F1071D73EB0E3F021E043A17EB1
                                                                                                                                                                                                                                SHA-256:CF456FA426BEF36E8ED5D71A3FAE3EFAD06F5425A53BDEEF427124DA42409D09
                                                                                                                                                                                                                                SHA-512:A2D904B99F4935648C7471569DD4FF81BD89A9AC1BB7931390BD3872E691B3B58BCEDB48961E2AAA3AA8C04227887D2A1CBAD6B41C416AFDDFD002044C3104C6
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....v@..........." ......... ............................................................`...@......@............... .......................................-..X.......()..........(...p...............................................................H............text.............................. ..`.data...}...........................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Text.Json.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):1501464
                                                                                                                                                                                                                                Entropy (8bit):6.712609643579495
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:24576:8tH4NwClgTsJL6Tb/DrtY5uR5K91CSVcgtl3yM8cVUgHTHLP4:OHlTs4rDrtj5o1N8ca
                                                                                                                                                                                                                                MD5:07C161588790210444DC12F77D7CE1A9
                                                                                                                                                                                                                                SHA1:0F2E4407C0A4F25759A94488646B626DEA7D8785
                                                                                                                                                                                                                                SHA-256:93B1E1E677045AF7AAF17A9BFA9EA81D944E0918A94EB3492B78B22948550D47
                                                                                                                                                                                                                                SHA-512:7AF614FEC989F5AF4C5A8B6787109CEBB98DB23783C4CBBCA22847DB8A84C515FDD87978CE96DD42D2D1B48E2F27BFAEEC8456C422923C6DDF35FDA3F4C574C4
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....w............" .....0..........................................................Y.....`...@......@............... ..................................................)...........R..p...............................................................H............text...F........0.................. ..`.data....R...@...`...@..............@....reloc........... ..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Text.RegularExpressions.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):1022264
                                                                                                                                                                                                                                Entropy (8bit):6.8216381706865095
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:24576:zx/dsuQ+B/b44HO2inDiv67tAEehjqnQf8:dQEb44HKivIehjyn
                                                                                                                                                                                                                                MD5:D02946E47FC19B1C831A811808342B75
                                                                                                                                                                                                                                SHA1:55739760E02BAFDA656149D052EEF444E68FDD90
                                                                                                                                                                                                                                SHA-256:0FECFAC9BDD40C258F720FAC301E3722EA9FC245119E43DD30D181A9B1072DBF
                                                                                                                                                                                                                                SHA-512:74FBB915D948C26F91D6295539A119C9E2B5B0C9877CAAECD0AD02F06EEA26B85AA2BF05CFF12A00098508859CC039A21D3D8AD10E04E1A969D280CCE2323290
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....U..........." .........P...............................................p......cj....`...@......@............... ...........................................G...p..8)...P......p...p...............................................................H............text............................... ..`.data....)... ...0... ..............@....reloc.......P... ...P..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Threading.Channels.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):133408
                                                                                                                                                                                                                                Entropy (8bit):6.278452778470254
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:1T3t+/kXS+F3g2vlsEjd+fzs6Fls5JQzWoioIR3cBPdzyWBTzAp:1T3tYkCQQQmEjd+ZFl26zri9r2TUp
                                                                                                                                                                                                                                MD5:03A17E0F4DA9EB9C6EBB6E10CA241757
                                                                                                                                                                                                                                SHA1:612D03F4162282670D7276836B319F201DFACBD3
                                                                                                                                                                                                                                SHA-256:985DF4C7AC42C3447490BEC7653F111E137A88AC633BDAB6D0FDFAD23CB22095
                                                                                                                                                                                                                                SHA-512:39C1E597B35524E881902DC6F8946466EBAEFF404433A813DF7221DB316D3E1886A274065CF127740B31AD370F76D7C66B1FE7B965AD50482A0D624365922912
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...|.$..........." .........@......................................................_.....`...@......@............... ......................................L7.......... )..............p...............................................................H............text.............................. ..`.data....#.......0..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Threading.Overlapped.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16144
                                                                                                                                                                                                                                Entropy (8bit):6.739782129844139
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:ZHYCHLcH4H8HUWcuHWIYA6VFHRN7G/7R9zj2IUH+:LWTFClGF9z6S
                                                                                                                                                                                                                                MD5:B27644E15572E13CAB812C2031D76610
                                                                                                                                                                                                                                SHA1:CD2D27ECBB2E4D703CF2C253C6575CE1B53F3F24
                                                                                                                                                                                                                                SHA-256:00EE20495CD0531670CC761FF6B29A0230CF7C8FE607FCAD79567C5D1D01FF57
                                                                                                                                                                                                                                SHA-512:EFE0493109B04FAF580A745EC7FB120F0688C2E374F9447D06BFA742F2257E69E0E1544C3393AAE4EDB13B986396F20E90C2B32F480A75753FB8BC8E8500C8BD
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....~............"!..0..............*... ........@.. ...................................`.................................;*..P....@...................)...`......@)..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p*......H........ ..p...................P ......................................k...O..`.:b.v.$.]..],vO.#0.l...B^.....]C....%].%.../...H......._...f.9{...qFid..,>l.....S\.8..cQ.n....xV$....{.]..6.s.\. sj...BSJB............v4.0.30319......`.......#~..p...H...#Strings............#GUID...........#Blob......................3......................................................4...........7.......c...{.....V.............c...t.....}.................9.....................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Threading.Tasks.Dataflow.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):489736
                                                                                                                                                                                                                                Entropy (8bit):6.715658217779917
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:12288:x//X6hS+34BkQb8tA7nPgNKMpFI6bB5v30xhZWX9gL+i:xr+I0urMvR5vExhoX9gL+i
                                                                                                                                                                                                                                MD5:3356784EF4FE8C2678C85D417848A48E
                                                                                                                                                                                                                                SHA1:89E60DFB18514CA65A9606B93B7D2BA7B4BCA5FF
                                                                                                                                                                                                                                SHA-256:FB97F3ACD266AE1F0D25BD4CB77818AE1D154FEA3B46F2C1A3ED1EDB842F46C9
                                                                                                                                                                                                                                SHA-512:1C3AD7582BD3F5B77019D931EFEBBB3E79960AEF51D9624E00E183783E6F55CA2CA5BD09CF49B924C1970E10A92261230A14420D85694E04EC46F9A7DFE2107F
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...]y............" .........................................................P.......i....`...@......@............... ..................................l......,1...P...)...@......h"..p...........................................................p...H............text...2|.......................... ..`.data...M...........................@....reloc.......@.......@..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Threading.Tasks.Extensions.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16168
                                                                                                                                                                                                                                Entropy (8bit):6.769727575357376
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:SCVm05B091ncmJQ8fxGWSOXW5YA6VFHRN7l9WoJR9zgy:1VpM6urmFCl/R9zH
                                                                                                                                                                                                                                MD5:740A782D6B359CF77C9E7A1ADAB24F77
                                                                                                                                                                                                                                SHA1:8695E898EDFF87BA40B0D9A9C8CDB901A0C3C195
                                                                                                                                                                                                                                SHA-256:B1DC1408C74380CB9F02D9B9BB3B550770B98E27D377E60F216C4B14D602356A
                                                                                                                                                                                                                                SHA-512:31759B0AFE7EE71BE2DBC56C7273B9B125B9AC298B644ECCC60AAC7BFA1436BC72508C65D95353DCF944A49434BCE02C88D43B2A1E4253666C7F80FE741689EB
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............V+... ...@....... ....................................`..................................+..O....@..................()...`.......*..T............................................ ............... ..H............text...\.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................7+......H.......P ..0....................)......................................BSJB............v4.0.30319......l...d...#~..........#Strings............#US.........#GUID...........#Blob......................3......................................s...............1...........A.......O.................................W...........1...................p...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Threading.Tasks.Parallel.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):133424
                                                                                                                                                                                                                                Entropy (8bit):6.345631677255552
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:hgookDn4z7gSCyhdrhYnS+5atmkg9nE3rVo9kQXL:xTEw3yhVh/h3rVoOQb
                                                                                                                                                                                                                                MD5:E4248B0D435DD54DE832467B13489FAB
                                                                                                                                                                                                                                SHA1:32F6B603442302F627BC5DABFCDB5AAAAD44281F
                                                                                                                                                                                                                                SHA-256:43D450BB7B0D440ED0D7F9A933E68E69CC0E2591B5B4D6B81C682EB7DCE85548
                                                                                                                                                                                                                                SHA-512:27A095A634F88193DA5B3507363B753B1008674789EA50C66E582CED633D48D6EC1042FE7BECDF65085E29F5BE979E9EF5BB7AA930E14DB21BD4C903AA94C575
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....#E..........." .........@............................................................`...@......@............... ......................................<4..........0)..........H...p...............................................................H............text............................... ..`.data....$.......0..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Threading.Tasks.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):17176
                                                                                                                                                                                                                                Entropy (8bit):6.623536186140361
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:laf4fk3CBFoq19k9WHazWbIX6HRN7NejA2IR9zJNml:laf4BLonjWNgU9z76
                                                                                                                                                                                                                                MD5:4B0EBBC7AB26C4FA2712DC1D7A9A430E
                                                                                                                                                                                                                                SHA1:7E4872B4C2DA8CD8C39421EECCFEDB644F7F5882
                                                                                                                                                                                                                                SHA-256:71F1B7847ED8C9DF6DB99ED7B756E4B846FEC646D8A8033C16A3945378AFC964
                                                                                                                                                                                                                                SHA-512:339EEC43B703566A3094718FF28066E2A6011C3DCBAABCB3C7079CBF466D88F91702FB6BD8342DF08046854B6AC0B37A756A4AE7AEF20FD9A2C5D63477B73674
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ...@....... ....................................`..................................-..O....@...................)...`.......,..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................-......H.......P ......................@,......................................BSJB............v4.0.30319......l.......#~......H...#Strings....X.......#US.\.......#GUID...l.......#Blob......................3................................&.................o...w.o...2.\.........].................H.....^.....-...........v.................F...................V.....V.....V...).V...1.V...9.V...A.V...I.V...Q.V...Y.V...a.V...i.V...q.V...y.V.......................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Threading.Thread.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16184
                                                                                                                                                                                                                                Entropy (8bit):6.77418439872863
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:u4z2EI0W8tWcC7WGkX6HRN7cN8KER9zlZ:uOQvEWcN8R9zf
                                                                                                                                                                                                                                MD5:00FE534A33B1F18DD900DF89E17F73DE
                                                                                                                                                                                                                                SHA1:0792678A143E8ABDD57837D4B67D187B74570835
                                                                                                                                                                                                                                SHA-256:ECBE1CDE0DE93B08489005DE9B2BA627725DC55646735DCF0F027E0E1FCE6F6C
                                                                                                                                                                                                                                SHA-512:5AD071C4574453FE242344696DB8D132386CB05398C241F003C5643CC843C354288BB2C9A91BB6E0B8DB3E126B747C34BFBD01B51255C82DC6C237B86686E73A
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."!..0.............^+... ........@.. ....................................`..................................+..P....@..................8)...`.......*..T............................................ ............... ..H............text...d.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................@+......H........ ..H...................P ......................................."r_....e6...@i..$...{.A;...;a.s7......i..>...b.Hg.u[..........4..$^..w..N......^...L>+..........%..&9y.;.. .T.9.........[BSJB............v4.0.30319......`...|...#~..........#Strings............#GUID...........#Blob......................3......................................].........U.@.....@...n.....`...........T.............y...0.!...9.!.................................u.............@...........

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Threading.ThreadPool.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16152
                                                                                                                                                                                                                                Entropy (8bit):6.729725204835813
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:12ctmTqd92QxcNauUWEmvWGWYWxNzx95jmHnhWgN7acW9vVKDUX01k9z3AyCW6Ey:RtX92OcYuUWEmvW73X6HRN7g9pR9zldK
                                                                                                                                                                                                                                MD5:C5F1D1ECF20663D3C1BC58887FB02131
                                                                                                                                                                                                                                SHA1:FF1860873F1CC59E9EE1E95992CDF6BA3B8E30DB
                                                                                                                                                                                                                                SHA-256:5913E28B4B0E1D9A722C378557FE4AF7DB39E8A5E916ACEF6EAEC9A78F5B4A35
                                                                                                                                                                                                                                SHA-512:0B000EFC667A85D36793D01456886BEB56BB96D8AE89DE84E5D49B488092AFA272578733DAC2CB147F87E94A60F17DB8E0FD2EA72E868F331A9F07CEB44A85E2
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............."!..0.............N*... ........@.. ....................................`..................................)..T....@...................)...`.......(..T............................................ ............... ..H............text...T.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................0*......H........ ..,...................P ........................................D2.m...)..4...Ya.....B...z...T5.{...g.cH!..........H.K......{...J..K~c*..D..4*h,K[..b...Efd&.y...S..&T..E6[..._.a..O[LBSJB............v4.0.30319......`.......#~..`... ...#Strings............#GUID...........#Blob......................3......................................P.........7...........P...........{.....6...................................p.......................W.....d...................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Threading.Timer.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15672
                                                                                                                                                                                                                                Entropy (8bit):6.780056232573692
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:aeF6QoqNSEMWs1CWEX6HRN7vuc9WR9zBBGj:aUov4WvA9zbK
                                                                                                                                                                                                                                MD5:0A7251814B8BED94B4446C313D1BD7DD
                                                                                                                                                                                                                                SHA1:4BFE5154B22D587A69B1F8BB02A745A7CC0F6AFA
                                                                                                                                                                                                                                SHA-256:4A3352E5C4886501A6953E4C6448E389EA21C098A21638ED188A55C5A0C0E987
                                                                                                                                                                                                                                SHA-512:22E06FAB674F06A141C1631C483B885EBB8EC48A96C164ED69985E675CC3FEFD71E5BAAC6D29008379CD0B1C6D16928917C2BB1D58A016294C6580DBF93415A9
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...R............." ..0.............&)... ...@....... ..............................%Q....`..................................(..O....@..................8)...`.......'..T............................................ ............... ..H............text...,.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P ......................d'......................................BSJB............v4.0.30319......l.......#~......d...#Strings....|.......#US.........#GUID...........#Blob......................3..................................................3...x.3...3. ...S.....^.................I....._.................w.................G...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Threading.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):84280
                                                                                                                                                                                                                                Entropy (8bit):5.968460814469461
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:AWgoICPLdImrmODZcUBeZ8j0GEH9wd633GRm3LGgLWz9zu:AWgo9PL6FtZ8j0GEH9wd6GR4GgLaS
                                                                                                                                                                                                                                MD5:932A0C2978B649703C40B260B1955D26
                                                                                                                                                                                                                                SHA1:E9A4C055BC14B3A2DB5BC5D0CF838E79838CE8E0
                                                                                                                                                                                                                                SHA-256:15CC9DB291B87042F1AB4319F8D04F4CD226F15BF88BF0810B31DCD50FB0BB7E
                                                                                                                                                                                                                                SHA-512:51D6D767425FA1AFA0ACD5A149B99D4C62BAB174ECD7485211E9B9635EB876319E8AD2A96D9A7CEF26BEB855DA3661B26912F05014F6DC22CFFE33306D9988E4
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." ......... ............................................... ............`...@......@............... ..................................d....'....... ..8)......T...h...p...........................................................h...H............text............................... ..`.data...............................@....reloc..T...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Transactions.Local.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):661792
                                                                                                                                                                                                                                Entropy (8bit):6.67434786359905
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:12288:W/JxQHxtiM28JQUegnzVx3C9jB25sx91G0:W/r7wrzqg5L0
                                                                                                                                                                                                                                MD5:1944601E5186DB41729C8096C8A08BF6
                                                                                                                                                                                                                                SHA1:DD637874B36356698C54DB5DB565580C2183627E
                                                                                                                                                                                                                                SHA-256:981215F0EE08D156867FAAFAA17F9D97D409BE691BAB0BD330D5BAB864FA04F3
                                                                                                                                                                                                                                SHA-512:185C2B7994AD40F31FEFA4DAB46167477D0371850D2B7C62D87DEE8C4F746AC6C6D55CC6BFD85A1294BEC0273E88233D94A9096DDFD791C0A9FA45B938A6D610
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.../5]..........." .....@................................................................`...@......@............... ......................................h...hI...... )...........4..p...............................................................H............text....5.......@.................. ..`.data.......P.......P..............@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Transactions.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16656
                                                                                                                                                                                                                                Entropy (8bit):6.711937162453506
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:rw3RC0uWzliWkYA6VFHRN7P4EpcR9z0BHky+:03RC0xoFClP4Epw9zaHkb
                                                                                                                                                                                                                                MD5:18BA1339DDC5D2FA9B78F7AC1C18624E
                                                                                                                                                                                                                                SHA1:FEA42F32DF780D9E9B180B149BC051DCC4C2CECA
                                                                                                                                                                                                                                SHA-256:033AD774B53A4CFF5AE9AD00AD51FB44FB7E34CCE86BB88E077046BBDE82094E
                                                                                                                                                                                                                                SHA-512:692E2FB1E69480A1D3264ED6666A2F0CAB1E05CDD6EE85DAFD58BF495443094DCC5D94864A2ACA6E7525129DB4F1442C3B80B52FF2C129E06C86DE6330A10605
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..............-... ...@....... ..............................k.....`..................................-..O....@..x................)...`.......,..T............................................ ............... ..H............text........ ...................... ..`.rsrc...x....@......................@..@.reloc.......`......................@..B.................-......H.......P ......................@,......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob......................3................................$.....3.........0...........D...........o.....*.1.....1.....K.....1...i.1.....1.....1.....1...P.1...X.1.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........C.....L.....k...#.t...+.....+.....3.....;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.ValueTuple.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15648
                                                                                                                                                                                                                                Entropy (8bit):6.81235116499574
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:56yhm7Qv3Wt7VWhWqcWxNzx95jmHnhWgN7agWaNVAv+cQ0GX01k9z3Aspnkf5l:8yh93WtpGWqjX6HRN7PNbZR9zBdkfP
                                                                                                                                                                                                                                MD5:FA3ADB76CA6EB3A67A5E4B6B24338726
                                                                                                                                                                                                                                SHA1:57EA6862DB7DE23B47C34A804C0F1C10E3BC19A2
                                                                                                                                                                                                                                SHA-256:4B3C5F41F52F16E2F4EC27BE12610A8437DE61F2B4CE53E383521A74D7937F44
                                                                                                                                                                                                                                SHA-512:906624CE50242A01B84603D8100AC37C73B55821D111EB56186EB2CB41BC27945FD69DCD140DEC88FAD42C5A62E5504F72E78B0C21BFC7DF39CD3C7290D84E6A
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....i..........." ..0..............)... ...@....... ...............................2....`..................................)..O....@..h............... )...`.......(..T............................................ ............... ..H............text........ ...................... ..`.rsrc...h....@......................@..@.reloc.......`......................@..B.................)......H.......P ......................D(......................................BSJB............v4.0.30319......l...,...#~..........#Strings....d.......#US.h.......#GUID...x...|...#Blob......................3......................................E.......................z...........+.....b...Q.b.....[.....b.....b...4.b.....b.....b.....b.....b.....i...........t.....t.....t...).t...1.t...9.t...A.t...I.t...Q.t...Y.t...a.t...i.t...q.t...y.t.......................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Web.HttpUtility.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):59704
                                                                                                                                                                                                                                Entropy (8bit):5.885165737065941
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:FERA91+CQcmHLnDWrdg7JvYJ2QWMVkDOBM7dWs3zXfXSXE2/2dAWCio9zL6:FSA/ScknDa2tYmwkDmmwWzvC32yWrgze
                                                                                                                                                                                                                                MD5:CFE673CE2D26EEF64ABEB7B7696177FF
                                                                                                                                                                                                                                SHA1:96321BE02E912B7813C8A3743CC15528A0DE0BA6
                                                                                                                                                                                                                                SHA-256:F1A590E321D86848C924055DAADAD7E4B086F199034F133DCE1B034E5AD53131
                                                                                                                                                                                                                                SHA-512:D70A9D8FAD2AD71774E2CA82D311E71A9B80BE9F1907E38A79529B142FE462BE393E1F39C7114FE674CD703C57001F4B42A27445C8ACA047074DA15A85E34F96
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" ......... ............................................................`...@......@............... ......................................D ..........8)..........P...p...............................................................H............text............................... ..`.data...............................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Web.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15624
                                                                                                                                                                                                                                Entropy (8bit):6.7523247989432935
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:iZL6h2FWVvo9W8YA6VFHRN752Y2MR9zPy0:iZWhAdFCl52Q9zK0
                                                                                                                                                                                                                                MD5:0031FC0CF7730A0D2A235083C7BE48D4
                                                                                                                                                                                                                                SHA1:FC6B6BD1AE65FEF8DCAFE4FEF263F36270ADED3B
                                                                                                                                                                                                                                SHA-256:9351D54C7407694F2ABB14DE7770A85CDE97AB0E603B9B54800DD78D4D10E59A
                                                                                                                                                                                                                                SHA-512:C25AAC8EE4FC10A8E53772C5FE9804C63E116EF4A2129EDFCC0D798417F96118FC7ED510656C6507132CBE9500676EC05D0A5F6A77B76CCE068BEC7087344FA7
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....=..........." ..0..............(... ...@....... ..............................7*....`..................................(..O....@..8................)...`.......'..T............................................ ............... ..H............text........ ...................... ..`.rsrc...8....@......................@..@.reloc.......`......................@..B.................(......H.......P ......................H'......................................BSJB............v4.0.30319......l.......#~.. ...D...#Strings....d.......#US.h.......#GUID...x.......#Blob......................3............................................................>...........i.....$...........T.....j.....9....................... .....R...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.C...+.Y...3.o...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Windows.Extensions.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):56184
                                                                                                                                                                                                                                Entropy (8bit):6.176478053101136
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:H/+4IBAKUcb+KRcuVLJq9rweB2mnzkVJorcwwMevekaHhXn80GT0g8T:m7ouR80eELVCwxmkaBXhGYxT
                                                                                                                                                                                                                                MD5:F672A537A363A4EEA79A48CF34FA5808
                                                                                                                                                                                                                                SHA1:B9101BA7E62B0116AC5A7D4064D91F684E25F233
                                                                                                                                                                                                                                SHA-256:B0B15EE123D24A220DC3446C96A6273E2FDADE71D1F352BF06217BDE57778B24
                                                                                                                                                                                                                                SHA-512:4ED8FB355723824C6E608B38D397C215142D508C80E5000DF854200DE8F89B44EB4AFE5829EA40F7706A6149527DBD8C748FF3AF9172D9A20B24958DD94E6484
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....N............" ..0.................. ........... ....................... ......nL....`.....................................O.......................x#..............T............................................ ............... ..H............text...4.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........T...n..........$...(...L.........................................*..0..1.......(....,..%-.&.*..(.....o.......&...,...o....,..*.*....................(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...( ...*.(....,!r...p......%...%...%...%...(....*....(!...*..,&(....,..r...pr...p.(....("...*..(#...*.*.(....,.r...p......%...%...(....*...($...*.(....,.r...p......%...%...%...(....*....(%...*.(....,"r...p......%...%...%...%....(....*......(&...

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Windows.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16136
                                                                                                                                                                                                                                Entropy (8bit):6.713032229773769
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:oaHtXz5UAWElSWNYA6VFHRN75FwB2IR9zJZpA7:7xNUo5FCl3wwU9zW7
                                                                                                                                                                                                                                MD5:CF29C8C0F79AB74BB29D01A8CD114146
                                                                                                                                                                                                                                SHA1:DFFFCA8A3FB3CA3DEFD6F74DEE30D0A2C3824A70
                                                                                                                                                                                                                                SHA-256:60E61212B4413692C26885707CF656A94D9676FF416C009FECA45C13B45271AE
                                                                                                                                                                                                                                SHA-512:FE22D7A38752FF490568F9041C8FC063EAF2828B9D136446BA2F183B6433CCD1D184A4B1355B13ABF2CDE428025EE0C36D42ACBB2006539A9EFF31A166432DB7
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............*... ...@....... ..............................X.....`.................................Q*..O....@..X................)...`......t)..T............................................ ............... ..H............text........ ...................... ..`.rsrc...X....@......................@..@.reloc.......`......................@..B.................*......H.......P .......................(......................................BSJB............v4.0.30319......l...$...#~..........#Strings............#US.........#GUID...(...|...#Blob......................3......................................X.........U.............................y.....7.......k.................................u............. ...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Xml.Linq.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16152
                                                                                                                                                                                                                                Entropy (8bit):6.701189252773519
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:vc17FduW1H4W1W2yWxNzx95jmHnhWgN7acWPwy8RwX01k9z3AzBhxH9cHYNm:uWW1H4WUmX6HRN7YV9R9z6Hxu4Y
                                                                                                                                                                                                                                MD5:30E9D9AC1BBC20DF3488FA252015553E
                                                                                                                                                                                                                                SHA1:FB9419C4C85DBD5A3E2A9419AD34B4635C6CB544
                                                                                                                                                                                                                                SHA-256:79D0149A24692E7C6B2EEB854CFBF3400702ED3D6640AA471ECE856B59E269E8
                                                                                                                                                                                                                                SHA-512:22BAE9984027A91DD7AAA53E05B387C20315153C30954E6770538D85C0990C2622BD16E42CF7C70DD88BC01975A886B99D8AFFBF859C2C339ED3A18D6BCDE5EA
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....\............" ..0.............B+... ...@....... ....................................`..................................*..O....@..X................)...`.......*..T............................................ ............... ..H............text...H.... ...................... ..`.rsrc...X....@......................@..@.reloc.......`......................@..B................#+......H.......P ..@....................)......................................BSJB............v4.0.30319......l...$...#~..........#Strings....@.......#US.D.......#GUID...T.......#Blob......................3................................................L.............................p.@.....@.....,.....@.....@.....@.....@.....@...l.@.....@.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........:.....C.....b...#.k...+.....+.....3.....;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Xml.ReaderWriter.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):22328
                                                                                                                                                                                                                                Entropy (8bit):6.376492073803144
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:Z1G5qkxK67ex4FC1sW1/AWZjX6HRN7Nx9WR9zBwrw:v6LWnrWw9zT
                                                                                                                                                                                                                                MD5:21D8FDE33639C09BE8AD7EA2CE430C39
                                                                                                                                                                                                                                SHA1:EB5DFA19839787F0CD7C0F8008AAFDAD62E33182
                                                                                                                                                                                                                                SHA-256:0EBF6E07AC4C055F6EAC71D86CB01C43FA3DF6954828FAEC2E9A491D28305CB1
                                                                                                                                                                                                                                SHA-512:28545864610BD19F44A5D06671453CAB62A33BA92E786C5B2A2F089ADA33FE6E947F6D6223195AFA5016F7A5EC506B33A84CC3EBCE4421CA8240C459AA03CAE7
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."!..0..$...........B... ........@.. ..............................AM....`.................................wB..T....`..................8)...........A..T............................................ ............... ..H............text...."... ...$.................. ..`.rsrc........`.......&..............@..@.reloc...............,..............@..B.................B......H........ ... ..................P .......................................w.y.9e.)....w..N....5...V.IT......j..~...(.."......7..o.....M{f...jV.".l.+%J.....x._.....,...d..~C..u..c..A...E...!.fmBSJB............v4.0.30319......`...|...#~......8...#Strings............#GUID...$.......#Blob......................3............................................................G..... .......b...-.....f.......i.......................................[...............................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Xml.Serialization.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16680
                                                                                                                                                                                                                                Entropy (8bit):6.632838369230027
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:ZIhLW7MIEqHWJYA6VFHRN7cNviCksR9zcm:ZIhkbEqSFClWio9z3
                                                                                                                                                                                                                                MD5:14A3984EA8B856B26EF616F614D5350C
                                                                                                                                                                                                                                SHA1:CDD8701E19708B6916F3336BCA9B5D60777EB41D
                                                                                                                                                                                                                                SHA-256:C9C61183DF3FB4E23A0D98D3A1464352D84BBF80DBF05B5F2DFD5FB8186CA4E1
                                                                                                                                                                                                                                SHA-512:B99B727D1D0FCF453F6F1631C46D817A828B02A8E3D231A772E18433BA0133D0EED747C5E6563A9FC7CDBB75183C986F10DAA639AC8DF230DAE68AEA1A09A214
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....6"..........." ..0.............R,... ...@....... ....................................`..................................+..O....@..................()...`.......+..T............................................ ............... ..H............text...X.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................1,......H.......P ..<....................*......................................BSJB............v4.0.30319......l...4...#~..........#Strings....4.......#US.8.......#GUID...H.......#Blob......................3......................................".....................X.................*._....._...B.?....._...'._...Y._....._...3._....._...l._.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........:.....C.....b...#.k...+.....+.....3.....;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Xml.XDocument.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16136
                                                                                                                                                                                                                                Entropy (8bit):6.774367058875485
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:kZKFW/QdWHYA6VFHRN7Z9ZL2IR9zJHJUO:XB6FClZ9ZaU9zbB
                                                                                                                                                                                                                                MD5:BE12DF6ED82876BE80A492350334C32D
                                                                                                                                                                                                                                SHA1:929B139819B4AA89B251B0F7C79C84BB27255180
                                                                                                                                                                                                                                SHA-256:5BF16937086393770381C25842CB35011942F78D0C9EA7DCDAF0161429288B8A
                                                                                                                                                                                                                                SHA-512:CB4D30DD1EC8A1A5549BF06120C36275050714D4AC1049838A450D5345491E96C17EB18FD351280BA3808CED1D51C7F89EA7653091490C06AE98B7313CCC9C9F
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....q..........."!..0..............+... ........@.. ..............................Z.....`.................................q+..Z....@...................)...`.......*..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H........ ......................P ......................................`....Uk..O..8.....P.g.:.....PJ.+F.".C.{.....c.^.6....ejIs9..Lc5]...-#..8...I..b..yC`.......us_.V....~...c.^^...5....&Ssc....BSJB............v4.0.30319......`.......#~..d.......#Strings............#GUID...$.......#Blob......................3................................................L.............................p.L.....L.....8.....L.....L.....L.....L.....L...l.L.....L.............................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Xml.XPath.XDocument.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):30984
                                                                                                                                                                                                                                Entropy (8bit):4.288581469269511
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:SW0heWs6bkmv7dYA6VFHRN7bUD2IR9zJO2:Ss6gmZFClbDU9zp
                                                                                                                                                                                                                                MD5:63AF3D0B5B3681BA5BB2586E41014548
                                                                                                                                                                                                                                SHA1:0E7A369FD101B66A96577FFB16FB188BDE100496
                                                                                                                                                                                                                                SHA-256:865C8934588F79ACB1BF69D0D406198ECCAC4751BFABCC0F6BB4E6712459090E
                                                                                                                                                                                                                                SHA-512:F82C6C4011F8B8C51AD506C22E5D4B1FCD4A3AFD10B9D0924CEFA54A5DD61E0DBFE972644ADB603AC0E75AE00DDD553D718E9BCB18F4CB95C25A3DEA9B323CC3
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" ..... ... ...............................................P......3.....`...@......@............... ...................................... ........P...)...@......p...p...............................................................H............text...3........ .................. ..`.data.../....0.......0..............@....reloc.......@.......@..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Xml.XPath.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16184
                                                                                                                                                                                                                                Entropy (8bit):6.732697208000902
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:hxLiAH6DWB2vWmBX6HRN7GNviCksR9zcrIs:7dHitWIio9zgIs
                                                                                                                                                                                                                                MD5:5A38DE4B1F1CEE04CE6CF96E1E07BA8B
                                                                                                                                                                                                                                SHA1:D66CCD2E1589D58E3621BCF2E63CCAE509171519
                                                                                                                                                                                                                                SHA-256:6AF1A8C435EF7BB1972E0509BBDD9A32B665949C248B6FD777833ABC527F290C
                                                                                                                                                                                                                                SHA-512:3069EDB787B0BDB46E023AB71E34B817CE4E00EE9AE69F7D75DA4D3477824761D38B30690F012EA3B1F54D3A25EDCFE292C1AC615FF4F2C4E82127D448CA98DB
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....:..........."!..0..............*... ........@.. ...............................g....`..................................*..Z....@..h...............8)...`.......)..T............................................ ............... ..H............text........ ...................... ..`.rsrc...h....@......................@..@.reloc.......`......................@..B.................*......H........ ......................P ........................................w[zr..~.....8...<xq..W..xe...x.W.6pYMM..E..d..CJ..s...H.EKtfC V.Y7...6...o<g*.=.N.!..}".....R.r ....=.Q..*=yv.'.U>7.D{#..TBSJB............v4.0.30319......`.......#~......\...#Strings....P.......#GUID...`.......#Blob......................3......................................'.........C.............................g.{...%.{.....d.....{...|.{.....{.....{.....{...c.{.....{.............................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Xml.XmlDocument.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16152
                                                                                                                                                                                                                                Entropy (8bit):6.767329523656509
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:DTdo1x3iWe7sWo6X6HRN7lVXC4deR9zVj7uS:Xdo1sBWlVXC4dC9zVjr
                                                                                                                                                                                                                                MD5:123A240246001C458E14CA32D40D56EC
                                                                                                                                                                                                                                SHA1:473A3DF6DF0269BC824B6B90217CFA2141AF59C1
                                                                                                                                                                                                                                SHA-256:BAE0097F29C72DC7095DB06156D11BE9949C28CD8FFE5605851FFA8308B443BA
                                                                                                                                                                                                                                SHA-512:58AB7B7F06BC0A418B77DCBE8ABDC66850791B3D0AC4EB3819EA717B5B151B167B7CEE7ECDBDB86E66A1EF073B7E877ADB0C70F3B973E712DCB637BC504D0916
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....c............" ..0..............+... ...@....... ..............................;n....`.................................E+..O....@...................)...`......X*..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................y+......H.......P .......................)......................................BSJB............v4.0.30319......l.......#~..8.......#Strings............#US.........#GUID...........#Blob......................3................................................P.................<...........g.~...2.~.....1.....~.....~.....~.....~.....~...p.~.....~.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Xml.XmlSerializer.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):18216
                                                                                                                                                                                                                                Entropy (8bit):6.626651656502574
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:g3ohYBNTtxaxzWp2vWEpWjA6Kr4PFHnhWgN7a0Wb3pWXYz1X01k9z3A/u84ts:g3oSX2zWp2vWEYA6VFHRN7SsoJR9zgu6
                                                                                                                                                                                                                                MD5:59C396A982C075DEC28848C21B9B3287
                                                                                                                                                                                                                                SHA1:49889A00099595C550AC919E381E030C11D84322
                                                                                                                                                                                                                                SHA-256:9399F32559DCF33BE15D7F7C67BA6139602439BA848128715D3919084EFF0C8A
                                                                                                                                                                                                                                SHA-512:1492AC135547ABA77EFFE2C1C8DA278CA04CF5C8836CE175682B163BA7BD392C10A2718A9667A1EA2F6DB4A7984550C5C511796183A29B5D7902D2C0A2F3E300
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....8............"!..0.............N3... ........@.. ....................................`..................................2..R....@..................()...`.......2..T............................................ ............... ..H............text...T.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................03......H........ ..4...................P ...............................................z..R+...x...].R.;.m.xd.........%k........_........>.....KG.`..g.......a.&...j....:.Q'L)J...@...r^\C....\.nuBSJB............v4.0.30319......`.......#~.. ...p...#Strings............#GUID...........#Blob......................3................................J.................................+.....F.....H.....N...............................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.Xml.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):23848
                                                                                                                                                                                                                                Entropy (8bit):6.279851716286934
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:x5FIeq5ufyw8bcB8yGOk2Y0WKvjsWLYA6VFHRN7RQXu0R9zI+SI:x5FIeWv2dNFClRGu49zp
                                                                                                                                                                                                                                MD5:70B07221E2FF122EDC83D1CE7878F071
                                                                                                                                                                                                                                SHA1:10DC2947E778C5D3279251214FFC4D6F537AAFBA
                                                                                                                                                                                                                                SHA-256:C55AFCA244EA174CD7D26B81342B831D61D15F3D80EEE9406168F136CBCDD5B6
                                                                                                                                                                                                                                SHA-512:DB0114AEA937A0443595C1CCF577D540FAEDCB632C0475B1C3CA26A5076CEFADF916196DE0CCB924A657428E77FE892748AE22D495668445B4E113C98B89EA85
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..*...........I... ...`....... ....................................`..................................H..O....`..8............4..()...........H..T............................................ ............... ..H............text...4)... ...*.................. ..`.rsrc...8....`.......,..............@..@.reloc...............2..............@..B.................I......H.......P ..4'...................G......................................BSJB............v4.0.30319......l...x...#~......X...#Strings....<%......#US.@%......#GUID...P%......#Blob......................3..................................................................S.....:.y...<.....O...................................................................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........:.....C.....b...#.k...+.....+.....3.....;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):50440
                                                                                                                                                                                                                                Entropy (8bit):5.759917233301275
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:eOlKhT46UA2Zi5wRNH5JVb0U502zq1TntuqZbFClYV9z6C:tu6Zi5i5jzCkeZisz3
                                                                                                                                                                                                                                MD5:91D003E2BCC6C343D3C752C9745F807C
                                                                                                                                                                                                                                SHA1:A793B282D2125C2F9DD5FD0380DA475F92A804A7
                                                                                                                                                                                                                                SHA-256:DE72057E9A2E41290B8BB3B829B101F420477726E134069A2E0C33270DEF210F
                                                                                                                                                                                                                                SHA-512:7862E0B67DFA761F45078813AEDF06C3C1D06545FA1E5FAB72F64F1FC0B2153444789D9AB3F599521AF89B3702E20D3DEC0CDEA42EB0ECF649755B03A215E0AB
                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                Yara Hits:
                                                                                                                                                                                                                                • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.dll, Author: Joe Security
                                                                                                                                                                                                                                • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\System.dll, Author: Joe Security
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0................. ........... ...............................R....`.....................................O........................)..............T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......P .....................8.......................................BSJB............v4.0.30319......l....:..#~..d;..dR..#Strings...........#US........#GUID..........#Blob......................3............................-......................=..\..=.....=...=............; ..2.; ..T.M.....m=....m=....; ..9.; ....; ....; ....; .. .; ..P.; ................};....};....};..).};..1.};..9.};..A.};..Q.}; .Y.};..a.};..i.};..q.};..y.};....};....};......[.....d.........#.....+.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\WindowsBase.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16664
                                                                                                                                                                                                                                Entropy (8bit):6.726952486721783
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:6asFWQClWVrcW+ZX6HRN70oFr9R9z6HrUv:NCn8W0oFD9z6LUv
                                                                                                                                                                                                                                MD5:AF65B24620A1E57D5AF9C71EE3AD9587
                                                                                                                                                                                                                                SHA1:32E842B3D79AF9B8076F807481A8FE37E5537037
                                                                                                                                                                                                                                SHA-256:54123FC5B700ACA49B87F05A94C42D65F094EEB4EF450CD51FCEB73DB303FAB4
                                                                                                                                                                                                                                SHA-512:CEE9E50631869F2D0976217BAE8A3CE78DFF933EC62A4D2D148C72631EC37746160D64EAA959246A5E2A4FF9AFA0186171EDA5972D3AA3A732ACF1F1CCE00A13
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...V1*..........." ..0..............-... ...@....... ...................................`.................................O-..O....@..8................)...`......x,..T............................................ ............... ..H............text........ ...................... ..`.rsrc...8....@......................@..@.reloc.......`......................@..B.................-......H.......P .......................+......................................BSJB............v4.0.30319......l...p...#~......8...#Strings............#US.........#GUID...(.......#Blob......................3................................................................................r.....r...Q.(...g.r...6.r.....r.../.r...L.r.....r.....r..... ...........u.....u.....u...).u...1.u...9.u...A.u...I.u...Q.u...Y.u...a.u...i.u...q.u...y.u.......................#.....+.C...+.Y...3.o...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\mscorlib.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):59696
                                                                                                                                                                                                                                Entropy (8bit):5.652717651829639
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:kt51EDMpCUoqFY66Gw17oqZn/TEHmyrchswz6EEZcYf5o4ba2yGlG1QeY48lCiDV:ktFcC3ZcYf5o4bZyGc1A4cDXWQQzi3
                                                                                                                                                                                                                                MD5:52CFF557AED4CBD8D59B899A761B82BA
                                                                                                                                                                                                                                SHA1:E99FE78B96578A4A8036A07D431A3EB21FFA83C7
                                                                                                                                                                                                                                SHA-256:2F8E23C3566B02B2F9E0E1B86D6D81D3CE0DF06C5B9AEB68CEB66B6B152ED099
                                                                                                                                                                                                                                SHA-512:ED9B3A1BBA91FDEADCCFBDD63F10B72915EEFEA182564A62C163C34A865F00AFE81B72DC32FB55BA4D97803222ED934FB92861B6E16A9A58E785FCD2BDF8D1E9
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...{\............" ..0.................. ........... ....................... ............`.................................q...O.......(...............0)..............T............................................ ............... ..H............text....... ...................... ..`.rsrc...(...........................@..@.reloc..............................@..B........................H.......P ..................... .......................................BSJB............v4.0.30319......l...$O..#~...O..(b..#Strings............#US.........#GUID..........#Blob......................3................................e.....b/........L%.O...).O....RO..EP.......+..:.:4..J$:4...&S0...+.O...%.O...(:4...&:4...":4....:4....:4..U&:4....:4.................N.....N.....N..)..N..1..N..9..N..A..N..Q..N .Y..N..a..N..i..N..q..N..y..N.....N.....N......R.....[.....z...#.....+.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\netstandard.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):101160
                                                                                                                                                                                                                                Entropy (8bit):5.502135579975956
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:bYsYXj0p2NYq5V4bgDHsPdIpuSE5L3Ukcz9wnXiKdkz:MMkYe4bgDUAxCnXI
                                                                                                                                                                                                                                MD5:937A6DCE409FE67D60722137A5E860EC
                                                                                                                                                                                                                                SHA1:9DC0849E2164D7B25F7F0F6DC3B9600EC431E914
                                                                                                                                                                                                                                SHA-256:F56C741CC18D17CB031A9CDEB3DE3C4662CF80CB65F434DCA5DF328AC682C5C1
                                                                                                                                                                                                                                SHA-512:B5379A528CDCB6F55A85002D89FCA19B2C2BC9461647E3B81791D63E8F2E0227B22427CB2A60393F3A6FC9B1E407E23E2B22AF93C378A16D83B232CA2DE74D79
                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                Yara Hits:
                                                                                                                                                                                                                                • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\netstandard.dll, Author: Joe Security
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....}............" ..0..X...........v... ........... ....................................`.................................?v..O.......8............b..()..........hu..T............................................ ............... ..H............text....V... ...X.................. ..`.rsrc...8............Z..............@..@.reloc...............`..............@..B................sv......H.......P ...T...................t......................................BSJB............v4.0.30319......l...`...#~..... ...#Strings.....Q......#US..Q......#GUID....R......#Blob......................3............................P...,......H.........5....:....'...m......,.@..5#.T..P4.T...7.J...B....i5....u:.T..n7.T..&1.T.....T.../.T..(7.T...(.T.............................)....1....9....A....Q.. .Y....a....i....q....y..........................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\oke.deps.json

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):145815
                                                                                                                                                                                                                                Entropy (8bit):4.7853540148209
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:IDL36kWqRwUqmNCKRxL36kW/FPm9FKR/KeHKK:kL36kqUqmNCKRxL36kyFPm9FKR/KeHp
                                                                                                                                                                                                                                MD5:A40C0BD8F3D0DEFFC6664F893C355349
                                                                                                                                                                                                                                SHA1:3337F326EC3A7AA025D87A71FAB086B6E3BC8E20
                                                                                                                                                                                                                                SHA-256:15D3FEDB09C82E467D0306109649BE06119C2C40F14A902D8C9C48959E52229F
                                                                                                                                                                                                                                SHA-512:AB1DFAF48092BC13E5E09175E0D1FB88ECB6A99C845830FCD8608DF9E6744A697C09E23098C7564D27EA1237FBE1F64159EF2E867225EEDDA72BEB0081551486
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:{.. "runtimeTarget": {.. "name": ".NETCoreApp,Version=v8.0\/win-x64",.. "signature": "".. },.. "compilationOptions": {.. "defines": [.. "TRACE",.. "RELEASE",.. "NET",.. "NET8_0",.. "NETCOREAPP",.. "NET5_0_OR_GREATER",.. "NET6_0_OR_GREATER",.. "NET7_0_OR_GREATER",.. "NET8_0_OR_GREATER",.. "NETCOREAPP1_0_OR_GREATER",.. "NETCOREAPP1_1_OR_GREATER",.. "NETCOREAPP2_0_OR_GREATER",.. "NETCOREAPP2_1_OR_GREATER",.. "NETCOREAPP2_2_OR_GREATER",.. "NETCOREAPP3_0_OR_GREATER",.. "NETCOREAPP3_1_OR_GREATER".. ],.. "languageVersion": "12.0",.. "platform": "AnyCPU",.. "allowUnsafe": false,.. "warningsAsErrors": false,.. "optimize": true,.. "keyFile": "",.. "emitEntryPoint": false,.. "xmlDoc": false,.. "debugType": "portable".. },.. "targets": {.. ".NETCoreApp,Version=v8.0": {.. "oke\/1.0.0": {.. "dependencies": {.. "Microsoft.NET.ILLink.Tasks": "8.0.11",..

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\oke.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):653824
                                                                                                                                                                                                                                Entropy (8bit):5.801942838175244
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:mJjAIiLbAjJ73BOTBaVI8ihGw+17YNeAY4zu8bxzcO3IA2V1n:SsH25kBGS4FK5zx+iIA2
                                                                                                                                                                                                                                MD5:B55E9E87AEF649BDCE9D017128D35B58
                                                                                                                                                                                                                                SHA1:9A94C13586D70CEA7E7D47A0FDE2A402A80486F5
                                                                                                                                                                                                                                SHA-256:F0C62A2EF4E6B806534E6A626BE49F19D62D8BB4CCE1AEF1A92169AA4B5CCA47
                                                                                                                                                                                                                                SHA-512:DF9FA0C05A3307DDEEE915C3D3A7AAE4D7DC351969DBE75904C36AAA3D4669F0E60A52E11F36629BF010BB48514BDF1B039C411F32D5862CFAB492B2EE8BED91
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....]K...............0..Z...........x... ........@.. .......................@............`..................................x..K............................ ......kx............................................... ............... ..H............text....Y... ...Z.................. ..`.rsrc................\..............@....reloc....... ......................@..B.................x......H........F..8<......4...4.../....w.......................................0..4.......+.(.a.> ........8........E................o...F.......8........~....(....~....(.... ....?.... ....~....{....:....& ....8....~....9C... ....~....{....:....& ....8t...8.... ....~....{....9[...& ....8P......... ........88...~....(.... .... .... ....s....~....(........ ....~....{....9....& ....8....r...ps....z*.0..........(M... ........8........E....)...N.......*...8$...(.... ....~....{....:....&

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\oke.runtimeconfig.json

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):372
                                                                                                                                                                                                                                Entropy (8bit):4.676624916571053
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6:3Hp/hdNyhA0H0b2mwM5BXmJe5S1Me+AQ6NOCUo+K8E7/OyPfKmn5BNTy:dFG0b2voBEe01MeGex+K8E7nS2r2
                                                                                                                                                                                                                                MD5:59D61BDEBD920CB9E4D60307A2BC5C92
                                                                                                                                                                                                                                SHA1:5FF725D1F163C000B9626824DA74328B5967B4FB
                                                                                                                                                                                                                                SHA-256:81DACB192A7580652C042828A76633EDF434558CE0AA89DA26DC1CA070839852
                                                                                                                                                                                                                                SHA-512:B7D7F26365E9772F5E31F0F133E1F4FE7E9440589145D890F440E3A49377F7E9317D573677780209AA2A968D7FB7A3867A999357BB38BA18C88D4863147A5CBD
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:{.. "runtimeOptions": {.. "tfm": "net8.0",.. "includedFrameworks": [.. {.. "name": "Microsoft.NETCore.App",.. "version": "8.0.11".. }.. ],.. "configProperties": {.. "System.Reflection.Metadata.MetadataUpdater.IsSupported": false,.. "System.Runtime.Serialization.EnableUnsafeBinaryFormatterSerialization": false.. }.. }..}

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\Microsoft.CSharp.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):18728
                                                                                                                                                                                                                                Entropy (8bit):6.614823038644222
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:aGTQ53LGCaWzjWf5mPWtYA6VFHRN7p9WR9zBDz:A2OGFClu9zV
                                                                                                                                                                                                                                MD5:672FEEF2922EF4AF66DB998096A89D85
                                                                                                                                                                                                                                SHA1:391C83B0404384036C9CACE7040C35A6F2A18D3C
                                                                                                                                                                                                                                SHA-256:10373C146A0331EF783E978C467F255E0F1CF2375BB55644CADE1A12C9E26C51
                                                                                                                                                                                                                                SHA-512:DB1221460CA473C60992215A14F4F7F7AB39C287C07A8A598043F3BFC3673D04D553D6BCA640AB19539694C8C8EADC53A6E07CA360ABD0EDA87C3EC46E0647FF
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....FM..........." ..0.............24... ...@....... ...............................-....`..................................3..O....@..h............ ..()...`.......3............................................... ............... ..H............text...8.... ...................... ..`.rsrc...h....@......................@..@.reloc.......`......................@..B.................4......H........ ......................D3........................................z..z..z..z..z..z..z..z..z..z..z..(....*..z..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*BSJB............v4.0.30319......l...4...#~......p...#Strings............#US.........#GUID...$...d...#Blob...........W..........3........"...............3...........G.......................V.....).....0.....<.......M.........................................................v.....o...../...............

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\Microsoft.VisualBasic.Core.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):59672
                                                                                                                                                                                                                                Entropy (8bit):6.276822701470646
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:ULAlTaiu6JFtnildN+VIddFdFKflg7dBWsKbe9zHytQ:ULWFFMl2SZdE9idBWPaz9
                                                                                                                                                                                                                                MD5:8E3E44F19EC8EBF8A8531055FDAF5C36
                                                                                                                                                                                                                                SHA1:FF88654F1CAB396A8866AEBDE23ACD464B3FF5DE
                                                                                                                                                                                                                                SHA-256:BC1B40557361E60CC5D9546163E9A82A522FD317F92DFAB415BABE462AB170F2
                                                                                                                                                                                                                                SHA-512:51D83358130C6DCF863AF4AD9CBC8B4742E48236DB2B2E8483E777C6448AE67EAFFECEED47D4B4F0149DC423092691DB17B6A08029B9BE24F767310EB510B4E7
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....s............" ..0.................. ........... ....................... .......E....`.....................................O........................)........................................................... ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........)......................0.........................................(4...*..z..z..z..z..z..z..z..z..z..z.*.*.*..z..z.*.*.*..z..z.*..z..z.*.*.*..(5...*..(5...*..(5...*..(5...*..z..z..z..z.*..(4...*..(4...*..(4...*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..(4...*..z.*..z..z.*..z..z.*..z.*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..(4...*..z.*..z..z.*..z.*..z..z.*..z.*.*..z.*..(4.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\Microsoft.VisualBasic.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):17712
                                                                                                                                                                                                                                Entropy (8bit):6.610099146248559
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:6ku3cV6HxWmH639QdWSdX6HRN72YMTR9zUMq:ruMV/oWDg9za
                                                                                                                                                                                                                                MD5:3B3C142639335F9B615C0DE17BACB2D0
                                                                                                                                                                                                                                SHA1:C599AA74C3D0916D6E0BAF0949C5A6894145C6F2
                                                                                                                                                                                                                                SHA-256:BD36D4FD23D717FE88F2AFEB563EC6034D7FA482278156D99EF3CBF11EC2A5D5
                                                                                                                                                                                                                                SHA-512:87A3D33BE2DD049D906EEA8266FA4EE4694A81E3EE07F8205CACACC75B141605DDA2D454905BA0196FE26B8C7E68F9F2469AF2AEB4DD92FFA4A65F4C026AEBEF
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...J............." ..0.............B1... ...@....... ...................................`..................................0..O....@..................0)...`.......0..T............................................ ............... ..H............text...H.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................#1......H.......P ..4..................../......................................BSJB............v4.0.30319......l.......#~..,...t...#Strings............#US.........#GUID...........#Blob......................3................................K.....C.................................J.....~...........b...........G...........c.....................................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\Microsoft.Win32.Primitives.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16680
                                                                                                                                                                                                                                Entropy (8bit):6.701744794571341
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:QzcWLzW4odWhPMpWvYA6VFHRN75Eu0R9zI+c3R:Qogq4SiFCl5Eu49zpch
                                                                                                                                                                                                                                MD5:FF58F8B7FA6B85EDBB80514C07395568
                                                                                                                                                                                                                                SHA1:455B03BE90D7AD9CC61E4BB23886D7351D84FE25
                                                                                                                                                                                                                                SHA-256:C62A62A4D71C792459D645E6CB66E346095CD00533A5D77089ACB43AABD7A2AB
                                                                                                                                                                                                                                SHA-512:8D02FCD4C9D42E555E71AA8E40F595CE3AF0D68AE6A356C084F3B0394F7A98A4716E08E798BDD9E30388707F27C5B72295AB0779E6BBF396F74E26F7C580FB6B
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...?.*..........." ..0..............,... ...@....... ..............................p.....`.................................H,..O....@..................()...`......,,............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................|,......H........ ..$....................+........................................(....*..(....*..(....*..(....*..(....*..(....*..z.*..zBSJB............v4.0.30319......l...4...#~..........#Strings............#US.........#GUID...........#Blob...........G..........3......................................................................\.....r.[...........z.........X.....S...........C...........6.............................q.....'...................n.........C...........8...............

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\Microsoft.Win32.Registry.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):21800
                                                                                                                                                                                                                                Entropy (8bit):6.533163588505526
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:wNlXksC2wkRY1PufSyWnW5GWSYA6VFHRN7oHpGR9zqTjv:CNk1t2fL6FClwY9zqj
                                                                                                                                                                                                                                MD5:87B6E083D4D211D5E622AB996772234D
                                                                                                                                                                                                                                SHA1:B37633493B7E6369A4A539DB6638F4F88C659056
                                                                                                                                                                                                                                SHA-256:69543952EBF2200099BA49CDBA95C48D501C62DB7703D77157E1787A538AC3DF
                                                                                                                                                                                                                                SHA-512:BBB0071B439321F0D751E22FD9173143BE2AE45B8CAE114BF218D4D17CD3EE3D82A8B58DBA47F612E3141FB24F345F1998AFC215626719DAE75BFBDBB8166F83
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...c............." ..0.."..........r@... ...`....... ....................................`................................. @..O....`...............,..()...........@............................................... ............... ..H............text...x ... ...".................. ..`.rsrc........`.......$..............@..@.reloc...............*..............@..B................T@......H.......t!.......................?......................................6.......(....*6.......(....*6.......(....*6.......(....*..z6.......(....*6.......(....*..z&...(....*..z..z..z..z.*.*..z..z.*.*..z.*.*.*.*.*..z.*.*..(....*..z..z..z..z..z.*..z..z..z..z..z..z..z.*.*.*.*.*.*.*.*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z.*.*.*..z"..(....*"..(....*..zBSJB............v4.0.30319......l.......#~..p.......#Strings............#US.........#GUID...........#Blob...........

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.AppContext.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15664
                                                                                                                                                                                                                                Entropy (8bit):6.754633849646731
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:FYjgxACvaW+S7WFlWxNzx95jmHnhWgN7aIW+/yaYHnsTX01k9z3A1dcdL:Fk+NaW+S7WFGX6HRN7BnYMTR9zUdAL
                                                                                                                                                                                                                                MD5:CA56A8F20FBC0DC300136A7F52CE5448
                                                                                                                                                                                                                                SHA1:3BC48E9E7EBFFCBDE4A0018ABEE27077AA22C90B
                                                                                                                                                                                                                                SHA-256:1EE0C49348E8F269D65096B2A749E81E06ABED0796BE768D5383F174B3EBED61
                                                                                                                                                                                                                                SHA-512:2EC0A88FE112AC840DFBC7992028B85FF216AFF944483F1FC518A5E5E3822A6E7A2E7995E22464A07E3089680664D87124A1F1B1C3036C0F19B643FDF16F5D50
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..............(... ...@....... ..............................w'....`..................................(..O....@..h...............0)...`.......'..T............................................ ............... ..H............text........ ...................... ..`.rsrc...h....@......................@..@.reloc.......`......................@..B.................(......H.......P ......................('......................................BSJB............v4.0.30319......l.......#~......<...#Strings....H.......#US.L.......#GUID...\...|...#Blob......................3......................................................x.....3...........^.................I....._.................w.................G...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Buffers.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15656
                                                                                                                                                                                                                                Entropy (8bit):6.745504174553825
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:/XlE3V0WYZ2Wh8pWjA6Kr4PFHnhWgN7aIWH9qLrRGhFKeX01k9z3AB+Bf5e:99WYZ2WCYA6VFHRN7Cu0R9zI+1
                                                                                                                                                                                                                                MD5:CAA67B5CB207447441AF97F77A8D28EE
                                                                                                                                                                                                                                SHA1:00321E60DB8F53DAAB0AF1D86F090B6B77CA2F0B
                                                                                                                                                                                                                                SHA-256:49BD03FF5EF094D48ACE745D8F5C81077D28551CCA08B16D4C4DFAFAA352E43A
                                                                                                                                                                                                                                SHA-512:4F886B2E093397A857F69B1635BF3B6ABDD181D17FF21F19AD99916894A684AA35D834FDD03EFEF846AEA6BC99E42D4FBAA7E50EF2400CB818A301A285841B8E
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....F7..........." ..0..............(... ...@....... ....................................`..................................(..O....@..X...............()...`.......'..T............................................ ............... ..H............text........ ...................... ..`.rsrc...X....@......................@..@.reloc.......`......................@..B.................(......H.......P ......................,'......................................BSJB............v4.0.30319......l.......#~......@...#Strings....L.......#US.P.......#GUID...`...|...#Blob......................3............................................................?.....!.....j.....%...........U.....k.....:.......................!.....S...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Collections.Concurrent.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):26936
                                                                                                                                                                                                                                Entropy (8bit):6.47445737401657
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:jPi0QxzG3d/d/mCYlW/n/y/dluM8W2og902Xe2WU9zV:jKNId/d/mCYlW/n/y/dluNWZg902Xe2l
                                                                                                                                                                                                                                MD5:F1B28CBA71825EBE1EC1CBFCCC701C5A
                                                                                                                                                                                                                                SHA1:0F756E43E2072ACB39B165CF63818C6AB85C0DD9
                                                                                                                                                                                                                                SHA-256:0AE92211FD9A1B7E2E63CB1DB68A8B0897BEC7726F01387166B991A1B83ABB0B
                                                                                                                                                                                                                                SHA-512:0FC5F209C25585F5C727F4DBD3E78930530F00DFC006BC7457903028B53576BD1569325F8B66406A0F2B4310C0ABBC85F47F2D936C223628BC4D2FB648BC17CA
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....G..........." ..0..6..........nU... ...`....... ....................................`..................................U..O....`...............@..8)...........U............................................... ............... ..H............text...t5... ...6.................. ..`.rsrc........`.......8..............@..@.reloc...............>..............@..B................PU......H........"...1...................T........................................(3...*..(3...*..(3...*..(3...*..z..z..z..z..z..z.*.*..z..z.*.*.*.*..z..z..z.*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..(3...*..(3...*..z..z..z..z.*.*.*..z..z.*..z..z..z..z..(3...*..(3...*..(3...*..(3...*..(3...*..(3...*..(3...*..z..z..z..z.*..z..z..z..z..z..z..z..z..z.*..z..z..z..z..z..z.*..z..z..z..z..z.*..z.*..z.*..z.*.*..z..z.*..z..z..z..z..z..z..z..(3...*..(3...*..z..z..z..

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Collections.Immutable.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):73512
                                                                                                                                                                                                                                Entropy (8bit):6.117232045290415
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:ZHIKEHnwfPecUeZti9GaQS55erIyXHHQX+IDKhFXoJkIHFrsmwelOg4WMyRv1IFb:Zr75fXoJkLmviP8Ui4EzKHz
                                                                                                                                                                                                                                MD5:E1C3326BF49285A500CB6D83A3D65DC9
                                                                                                                                                                                                                                SHA1:E88061CE7EFE31B686B6A094577DB063C82A709F
                                                                                                                                                                                                                                SHA-256:1A1702ACA42E0493FEF39E293F7BF340E443DD45522DD73CCBBEE9AF37D31D6A
                                                                                                                                                                                                                                SHA-512:5311BB8FF7688171F06E34CD65A00D50173666971C43C581EEFF4A7725FE48FC1C41A37E073DB8824DDC289AB0A6B7BAB8721A07ABABDA3A94CF4436FA3AE704
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...&u............" ..0.................. ... ....... .......................`......U?....`.................................H...O.... ..................()...@......,................................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................|.......H........,................................................................z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z.*..z..z..z..z..z..z..z..z.*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z.*.*.*.*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Collections.NonGeneric.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):23336
                                                                                                                                                                                                                                Entropy (8bit):6.499769366601444
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:W4KbFh103I0xvnEhfnn7/aBWMgwdj384vr7PWqadWPNSu/5l/snX6p6uXoLHsWPY:6Fh103IqnEhfOnGhbFClK9z53u
                                                                                                                                                                                                                                MD5:E36391C8A59BA266D09BFD96F941BFAC
                                                                                                                                                                                                                                SHA1:9634DD1F85C51EA30DC1F81500F5933E162A0D23
                                                                                                                                                                                                                                SHA-256:3B32DDBE943A66812AB279F4B730782F0F807ED9F7DB536BF1D79C561B5CAE9F
                                                                                                                                                                                                                                SHA-512:3B658CA4F0C25F1F3161BC750235EDFDFA145E9F3CD45203857A9D1B4CCA83B462596545E2C62E3DF13AFC173BFC4D9907EF7254A30B7D24E0834DDD582DAD27
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....M..........." ..0..(..........2G... ...`....... ..............................r.....`..................................F..O....`...............2..()...........F............................................... ............... ..H............text...8'... ...(.................. ..`.rsrc........`.......*..............@..@.reloc...............0..............@..B.................G......H.......\"...#..................DF........................................(-...*..(-...*..z..z..z..(-...*..(-...*..z..z..z..(-...*..(-...*..z.*..z..z..z..z..z..z..z..z.*.*..z.*.*.*.*.*.*.*.*.*.*.*..z..z..z.*.*..(-...*..z..z..z..z..z..z..z..z.*..z..z.*.*..z.*.*..z.*.*.*.*.*.*.*.*..z.*..z..(-...*..(-...*..(-...*..(-...*..z..z..z.*..z..z.*..z.*..z..z..z..z.*..(-...*..z..z..z..z..z.*..(-...*..(-...*..(-...*..(-...*..(-...*..(-...*..z.*..z..z..z..z..z.*..z..z..z.*.*..z..z..z..z.*.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Collections.Specialized.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):26408
                                                                                                                                                                                                                                Entropy (8bit):6.41090257184895
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:Obs21ymhwCp6w4B94kHclPaBW99j38xV+aJ7W4/u1Nn75CX616jmfmaGpIMot7pp:m13qCp6wS9gs7IgUGpyPFClrds9z
                                                                                                                                                                                                                                MD5:6FC757C790AB2FA5F166D7B36AF376FB
                                                                                                                                                                                                                                SHA1:11A6FB8F5332A145F266606F81FFA64DE32A4A3C
                                                                                                                                                                                                                                SHA-256:291F944D5D37D8D3B04F5A0FD643D18FCC29ACA0F0E01010B697120B2CAAB028
                                                                                                                                                                                                                                SHA-512:8BD99FA46DB4E49FA2679B8C54C28D7E995E15CA6E29A0EFE42F40926DF28AAC7342A7EDD06926E7E2E2F85BA7C4DDF0B0E8B64BA59FA0C2969D99F7A77C876E
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Q............" ..0..4...........R... ...`....... ..............................4@....`.................................HR..O....`...............>..()..........,R............................................... ............... ..H............text....2... ...4.................. ..`.rsrc........`.......6..............@..@.reloc...............<..............@..B................|R......H........#.......................Q........................................z..z..z..z.*..z.*..z..z..z..z..z..z..z..z..z..(*...*..(*...*..(*...*..(*...*..z..z..z..z..z.*..z..z..z.*.*..z.*..z.*..z..(*...*..(*...*..z..z..z..z..z.*..z..z..z.*.*..z.*..z.*..z..(*...*..(*...*..(*...*..(*...*..(*...*..(*...*..(*...*..z..z.*..z..z..z.*.*..z..z..z..z..z..z..z.*.*.*.*..z.*.*.*..(<...*..(<...*..(<...*..(<...*..(<...*..(<...*..(<...*..(<...*..(<...*..z..z..z.*.*.*.*.*..z..z..z..z..z..z.*.*

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Collections.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):46360
                                                                                                                                                                                                                                Entropy (8bit):6.278966880981823
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:CLxxaQhh7y5KEAjliSB5me5o70LEvd/g1WB2tuZKWJufWdD9z8:CL7hdyu/meS70aVB2tuZKWJufWdpz8
                                                                                                                                                                                                                                MD5:466B4446A5FB24A30CECEFE95C782BBB
                                                                                                                                                                                                                                SHA1:0E3B82BD479EE2B725B5AF8CDDEDFA22ED2B6DEE
                                                                                                                                                                                                                                SHA-256:C0C7BC161FA971B8CF929E42E84F2ABEBC95FDD1750ADFE4D98FE752956128EF
                                                                                                                                                                                                                                SHA-512:213BFB89051F88E37F3B5F39D9AACAE174B9C33850FCA436C0930A726F7600189C9F9AB50FEEDC221B63E76A98173128B9B2B43837E57B81B0CD340C365AAB4B
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...V............." ..0.................. ........... ...............................1....`.................................D...O.......x................)..........(................................................ ............... ..H............text........ ...................... ..`.rsrc...x...........................@..@.reloc..............................@..B................x.......H........'...x............................................................(T...*..(T...*..(T...*..(T...*..(T...*..(T...*..z..z..z..z.*..z.*..z..z..z.*..z..z..z..z..z..z..z..z.*.*..z..z..z..(T...*..z..z..z..z.*..z..(T...*..(T...*..(T...*..z..z..z..z..z..z.*..z.*..z.*..z.*..z.*..z.*..z..z..z.*.*.*..z.*.*.*..z.*..z..(T...*..(T...*..(T...*..(T...*..(T...*..(T...*..z..z..z.*..z..z.*..z.*.*..z..z.*..z..z..(T...*..(T...*..(T...*..(T...*..z..z..z.*..z..z..z..z..z..z..z..z..z..z..z.*.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.ComponentModel.Annotations.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):32024
                                                                                                                                                                                                                                Entropy (8bit):6.37621091157682
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:lmWsDEsDG6BafW7hn8t7E1GM3Xh4JFQrPWel9zASfi:lmWsDEsDG6Bafcn8pE1L30+PWe3zAMi
                                                                                                                                                                                                                                MD5:1526CF534EA677BFB21920977E5EC184
                                                                                                                                                                                                                                SHA1:4DD4003BCFCCDEB17CF3C7CE2173E47CB5BBBDC5
                                                                                                                                                                                                                                SHA-256:A20977F7D6DAD86A528CECDB3F78F0854076B3F136F14073F44B0C66011E1416
                                                                                                                                                                                                                                SHA-512:A8B0798AD37EE0B6167C015AFA3F3297744CF43362FA45ADA4A0369E0F445BF1720243B8BB26F9DAED2FA45F07496C415707F751FA5275E9544AF780C0B77D5F
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...0............" ..0..J..........>h... ........... ....................................`..................................g..O....................T...)...........g............................................... ............... ..H............text...DH... ...J.................. ..`.rsrc................L..............@..@.reloc...............R..............@..B................ h......H.......\$...B..................Pg........................................(....*..z..z..(....*..(....*..z..(....*..z.*..z..z..z..z..z..(....*..z..(....*..z..z..z..z..z..(....*"..(....*..z..(....*..z..z..z..z..(....*..(....*..z..z..z.*..z..z..(....*..z..z..(....*..z.*..z.*..z.*..z.*..z.*..z.*..z.*..z.*..z.*..z..z..z..z..z..z..z..z..(....*..(....*..(....*..z..z..z..(....*..z.*..z.*..z.*..z.*..z.*..z.*..z..(....*..z..z.*"..(....*..z"..(....*..z..z"..(....*..z.*..z..z..(....*..(.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.ComponentModel.DataAnnotations.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):17176
                                                                                                                                                                                                                                Entropy (8bit):6.675054821557407
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:BjpmblJeIeGXxlkGl0Wu+XWEtX6HRN7klMR9zPyjO:BLc/Wk69zKjO
                                                                                                                                                                                                                                MD5:F8ADC8C164B2D4E9D87DCABCBDA95B44
                                                                                                                                                                                                                                SHA1:2D78A2C285FD096612530ED90BF7FBA8A2AE1392
                                                                                                                                                                                                                                SHA-256:E49B3F50FDB62357C70C944EF84DBCDE9DA86D2833882EA08AC28B1D3DA0EBBB
                                                                                                                                                                                                                                SHA-512:254E544BE19F32F0DF65627F80EF5D456B52FE38DCA7F1B498839649318CC6A60EC0B81984548BBB20A39753EC4904EC74AD057D2DE2D128CAB81E1FE5444143
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...a.g..........." ..0.................. ...@....... ..............................1.....`.....................................O....@...................)...`.......-..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B........................H.......P ...................... -......................................BSJB............v4.0.30319......l.......#~..l.......#Strings....,.......#US.0.......#GUID...@.......#Blob......................3................................+.....S...........................3.......9...O.............}.........}...........$.....A.....d.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.ComponentModel.EventBasedAsync.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):19752
                                                                                                                                                                                                                                Entropy (8bit):6.550367281579143
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:JnTHGaCMheqDbY4+NI41/9/HWvPwWRYA6VFHRN7oaPF5DtdQ5R9zaM:1zGazeTb71/CnFCloeF3ds9z
                                                                                                                                                                                                                                MD5:3B7865099BF74D92C64B22C3E6D00F8A
                                                                                                                                                                                                                                SHA1:6AEA014A3562570BE0CE61084FE23292545BF5F4
                                                                                                                                                                                                                                SHA-256:58DDABF8B67AA154E4C4979AF37A5B7BE8873725047DA0C5FF4BAAFF1B262C35
                                                                                                                                                                                                                                SHA-512:1694B6F9DC739CD2980FE635562366A90B6CF33011DEE1E76B6284A24238756C3826DD7B7A64972B7B5541B691BCBBC29646C6CE5FCB42BC7CFE33617F710F79
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....6............" ..0..............8... ...@....... ...............................A....`..................................7..O....@...............$..()...`.......7............................................... ............... ..H............text...4.... ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B.................8......H........!..0...................@7........................................(....*..z..z..z.*..(....*..z..z....0.............(.....*...................*.*.*..z.*..z..(....*..z..z..z.*..z.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*..(....*..z..z.*..(....*..z..z*....(....*..z..z.BSJB............v4.0.30319......l...d...#~..........#Strings............#US.........#GUID...........#Blob...........G..........3........ .......?...D.......;...........................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.ComponentModel.Primitives.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):26416
                                                                                                                                                                                                                                Entropy (8bit):6.511623706708294
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:7pQlmDchHtXVCmVRyFfVTcJSmV+CMkP6oNLDGlWnMZWKXrX6HRN762DtdQ5R9za2:7pmCcJ4pcJSwnGFrDW68ds9zt
                                                                                                                                                                                                                                MD5:1539C4D85866CFBE603BF6975AA03DD6
                                                                                                                                                                                                                                SHA1:B095F1798F80B7E698E1030EFDEC9CC4C73B17A4
                                                                                                                                                                                                                                SHA-256:579E00B32D72FBE41E10896722B6B208F11B090223D6C52185320C150AB79C5A
                                                                                                                                                                                                                                SHA-512:3C8A35BBBFF7A3ABE7E24C69234D8A2132652B6C9EBF3841EEAA84C0D705586EC401D5C70021A58F645FBE755727469B255771C83BD9969CA39310B8A8A67E00
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....SH..........." ..0..4...........S... ...`....... ...............................'....`..................................S..O....`...............>..0)...........S............................................... ............... ..H............text....3... ...4.................. ..`.rsrc........`.......6..............@..@.reloc...............<..............@..B.................S......H........#.../...................S........................................(....*..z..z..z..z..(....*..(....*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..(....*..z..z..z..z..z.*.*.*.*.*...0.............(.....*....................z..z..( ...*..z..z.*..(....*..(....*..z..z.*..z..z..z..(....*..(....*..(....*..(....*..(....*..z..z..z..z..z..(....*..(....*..z..z..z..z..z..(....*..z..z..z..z..(....*..z..z..z..z..(....*..(....*..z..z.*..z..z..z..(....*..(....*..(....*..

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.ComponentModel.TypeConverter.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):103712
                                                                                                                                                                                                                                Entropy (8bit):6.207071778282123
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:PTetpdrtlyn4Vnd0zBn0YRPXaHwizn9XCN:PTeHhtPUzBn0YRPKQ29+
                                                                                                                                                                                                                                MD5:CF871825F042C0A13787046AE5FD7A70
                                                                                                                                                                                                                                SHA1:D8D27E59832AF9967037B362BB9F946AE437A40D
                                                                                                                                                                                                                                SHA-256:BD411E6CFF74558D410549F89168DE79D9C185FFCA403E9ED07C9AB08068FAA0
                                                                                                                                                                                                                                SHA-512:B5413F803E464659B28F2ADE656A3573301366F5F587B5F9FDB51CB9B37BF9BA5C72424A9CF4C9DAA761000813ABF4D7607AD470B7D2AC569878967E6F2F878B
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..b............... ........... ...............................J....`.................................L...O....................l.. )..........0................................................ ............... ..H............text....`... ...b.................. ..`.rsrc................d..............@..@.reloc...............j..............@..B........................H.......L2..dM............................................................(....*..z..z..z..z..z..(K...*..z..(L...*..(L...*..(L...*..z.*..z.*..z.*..z.*..z.*.*.*.*.*.*.*.*.*..(M...*..z..(....*..z..z..(....*..z..z..z..z..z..z..(....*..z..z..z..z..z..z..z..z..(....*..z..z..z..z..z..z..z..z..(....*..z..z..z..z..z..z..z..z..(....*..z..z..z..z..z..z..z..z..(K...*..(K...*..z.*..(N...*..(N...*..(N...*..(N...*..(N...*..(N...*..(N...*..(N...*..(N...*..(N...*..(N...*..z..z..z..(....*..z.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.ComponentModel.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16152
                                                                                                                                                                                                                                Entropy (8bit):6.744859249785029
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:I7B+4Y6W4I1WFX6HRN7Iqt/RxB+R9zpaP68l:+4kWPNRxw9zir
                                                                                                                                                                                                                                MD5:AA59153C8CCDC8266954F00AE2C87699
                                                                                                                                                                                                                                SHA1:E139CD149C0F1C1727B25587FEC6B2A61E904FE2
                                                                                                                                                                                                                                SHA-256:66879742883A369ECE58BD17AF34134140812FF8A4BEBF812DD094444B1983AC
                                                                                                                                                                                                                                SHA-512:1FD30F72F319E658D424349C9FAF78B8F60471EDD3D879894438C8A37D459C304770D6146CC98465C49116E61B263EF865073A0AF4A20C7A10EB485A727232D5
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..."`............" ..0.............:+... ...@....... ....................................`..................................*..O....@...................)...`.......*............................................... ............... ..H............text...@.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H.......h ......................L*........................................(....*..(....*..z.*...BSJB............v4.0.30319......l...4...#~..........#Strings....8.......#US.<.......#GUID...L.......#Blob...........G..........3....................................................................D...........X...../.......e.........>.......................}.......................d.....~.....,.................l.....s.....9.....`...................................Z...].........;.....

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Configuration.ConfigurationManager.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):67656
                                                                                                                                                                                                                                Entropy (8bit):6.110111633893927
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:Act7tERjvEWu2JQ/kzDWnfH2O48ZtplEcE:fWqUQ4MOO40DE
                                                                                                                                                                                                                                MD5:911F6B60D9B05B57592A6CB999B326B3
                                                                                                                                                                                                                                SHA1:079E037947F57B5E91A64B52048E84CC27EE1E29
                                                                                                                                                                                                                                SHA-256:3DD91130B0126632B3AE60445848757A89238B34978D55FE0BBAE3A617441BB0
                                                                                                                                                                                                                                SHA-512:96EA3D0A4BA29C5E430CC54E22ACA07892F3C0274D3765064DA3279F030ED81BC97598F419C1BA619B7659CA4EE76313A0F7A8C3F7C4476BD6C039A75D6CB786
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............2.... ........... .......................@......gO....`.....................................O.......4...............H$... ..........T............................................ ............... ..H............text...8.... ...................... ..`.rsrc...4...........................@..@.reloc....... ......................@..B........................H.......D.......................L.........................................(:...*..z.*..z..(....*..(....*..(....*..(....*..(....*..z..z.*..z..z..z..z.*.*.*.*.*.*.*.*.*..z.*.*.*.*.*.*.*.*..(S...*..(....*..z..(:...*..z.*..z..z.*..z..z.*..z..(u...*..z.*..(q...*..z.*..z.*..z..(:...*..z..z..(....*..z..z..z.*.*.*.*..z.*.*.*..z..(p...*..z..z..(....*..z..z.*..z..z..z..z..z..z.*..z..z..z..z.*..z.*..z..z.*.*.*.*.*.*..(....*..z.*..z.*..z.*..z..z.*..(....*..z..z..(....*..z..z..z..z..z..z.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Configuration.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):19760
                                                                                                                                                                                                                                Entropy (8bit):6.50388265626174
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:TMXTSv/fUNRvGZYdf3zyP/weP+YHTWvANWxRX6HRN7h9bt5R9zExRK:qQPVKWjx9zsK
                                                                                                                                                                                                                                MD5:96C347B57AAA9AB1CFA8365585E9C9A1
                                                                                                                                                                                                                                SHA1:17B2B2F1019CC93ED1AEF0BE445CB1053C01341B
                                                                                                                                                                                                                                SHA-256:19C65DDFD1C484306C928BB8AE838215F7A689E757326791E50FD3C488CD1284
                                                                                                                                                                                                                                SHA-512:EC1DC25698B055F2C72A435F7C62B93635959A09C142D8908C2B03CEDF45B2E138A27DD227F4CAFA701897B8A305071346056DFE9017A1E0229C6A640B36660A
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...=#............" ..0.............v8... ...@....... ....................................`.................................!8..O....@...............$..0)...`......87..T............................................ ............... ..H............text...|.... ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B................U8......H.......P ..h....................6......................................BSJB............v4.0.30319......l...h...#~..........#Strings............#US.........#GUID...........#Blob......................3................................h.................2...%.2.........R.......b.....U.....U.....,.....U.....U.....U.....U...3.U.....U.....U.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.C...+.Y...3.o...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Console.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):26408
                                                                                                                                                                                                                                Entropy (8bit):6.451982712520561
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:0rD5uuxQXlbvt3UjMkKpRVx3+mWsNKW4YA6VFHRN72YMTR9zU:0X56Xd1/kKpRVMaEFClDg9z
                                                                                                                                                                                                                                MD5:4165F3A942DA707488D87C53FA947677
                                                                                                                                                                                                                                SHA1:9182421549D87FCA7F102A35F762D72E7B46EB7C
                                                                                                                                                                                                                                SHA-256:7C94AD462A8C2B741820C967968CF4DA909431624F830516D0EDF96F7AD66CFA
                                                                                                                                                                                                                                SHA-512:29AF3446DA262E893BE61A828F59A2CEAF0012E382BC9D8305D1C04AFA3103F5ED7FF9E8F16710DFE1529864BD6907350DA6A02667293BFDB3DBB861968AB8DD
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....`..........." ..0..4..........fS... ...`....... ..............................:.....`..................................S..O....`..X............>..()...........R............................................... ............... ..H............text...l3... ...4.................. ..`.rsrc...X....`.......6..............@..@.reloc...............<..............@..B................HS......H.......t!...1..................xR........................................z.*..z.*..z.*..z..z.*..z.*..z.*..z.*..z..z.*..z..z.*..z..z..z..z..z..z..z..z..z.*..z.*..z.*..z.*..z.*..z.*..z.*.*.*.*.*.*..z.*.*..z..z..z..z..z..z..z..z..z..z.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*..(....*..z.*..z..z..z..z..z..z..z..z..z..z...BSJB............v4.0.30319......l.......#~..H...(...#Strings....p)......#US.t)......#GUID....)......#Blob...........

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Core.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):23848
                                                                                                                                                                                                                                Entropy (8bit):6.307580885714362
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:/S9H4Ay0l9Jr3OzFPhoact/iKMePLexkrW1rU1ZXt5zElfWXJ2WoYA6VFHRN7kxJ:K9H4Ay0l9Jr34FPhoact/iKMePLAxivR
                                                                                                                                                                                                                                MD5:85A20E6FF4565669D120A52C00B12775
                                                                                                                                                                                                                                SHA1:4C648D4161C9FD6C7FAABCDE1ED7F45A68E98A50
                                                                                                                                                                                                                                SHA-256:CC23F980E20FCED097A234AEB379D9C9C1F5235B93126709199815E96D8F2217
                                                                                                                                                                                                                                SHA-512:96DCADABD7A73584BB58459404ECD011F088AFE6BF92E413BBE69F9EC329B651415405838100513358DBF09A3EDEC23792A6C54C9BDDFDBE74870BCF74421180
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..*...........H... ...`....... ....................................`.................................wH..O....`..8............4..()...........G..T............................................ ............... ..H............text....(... ...*.................. ..`.rsrc...8....`.......,..............@..@.reloc...............2..............@..B.................H......H.......P ...&.................. G......................................BSJB............v4.0.30319......l...<...#~..........#Strings.....$......#US..$......#GUID....$......#Blob......................3......................................................i.......G...........................:.n...J.t.....t...P.................C.....`...............................................).....1.....9.....A.....Q... .Y.....a.....i.....q.....y.....................I.....R.....q...#.z...+.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Data.Common.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):154376
                                                                                                                                                                                                                                Entropy (8bit):6.170745629208609
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:TE+Az9C98xRHyhRvqgps96asBPebw/g6NdzM6lcOS6SzV8dTW5rznL7dmD+dEyJp:otfKTxVyNRbrdBlVI5et8ZbFC
                                                                                                                                                                                                                                MD5:69E0F425FBA157B5B0767076A3FD5C51
                                                                                                                                                                                                                                SHA1:F523D613AEB4A6C4E88E3A4BA50AA9DB4257D9E6
                                                                                                                                                                                                                                SHA-256:BE354A9F4A9DF8EC9A42D9BBA7622A4E963A620961D38DE702ADDECCC75A5312
                                                                                                                                                                                                                                SHA-512:1BFF36ADF51E20FCEE302A78B3BC10B86BC3F80667CE782DCDD10030744EED3D91B3B411860D7DEA453E19A0E8C8B702765AB3778953EDC29852BF3AC3553443
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...^.?..........." ..0..(..........FF... ...`....... ....................................`..................................E..O....`..x............2...)...........E............................................... ............... ..H............text...L&... ...(.................. ..`.rsrc...x....`.......*..............@..@.reloc...............0..............@..B................(F......H.......(>..0...................XE........................................(}...*..(}...*..z..z..z..z..z..z..z..z..z.*.*.*.*..(~...*..z.*..z..z.*.*..z..(....*..z..z..z.*.*.*..z..z..z..z.*..z.*..z.*..z..z.*.*.*..(~...*..(~...*..(~...*..(~...*..(....*..(....*..(....*..(....*..(....*..z.*..z.*..z.*..z.*..z.*..z.*..z.*..z.*..z.*..z..z.*..z.*..z..z.*..z.*..z..z.*.*.*.*.*.*..z..z.*..z.*..(....*..z..z.*..z..(....*..z..z..z.*.*..z.*..z..z..z.*..z.*..z.*..z..z.*.*.*..(....*..(....*..(.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Data.DataSetExtensions.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16184
                                                                                                                                                                                                                                Entropy (8bit):6.666464376103628
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:gmoHF/wAisWaS7W5hWxNzx95jmHnhWgN7a0WO8flXefqg7i1X01k9z3Axpzu8:HoVWaS7W5KX6HRN7QYR7i1R9zORu8
                                                                                                                                                                                                                                MD5:9783A0CCD5A64883445821E1F071076F
                                                                                                                                                                                                                                SHA1:C710BFBB818BF9F27F123F07E90DE7DC98C9F6D8
                                                                                                                                                                                                                                SHA-256:55E5BD120160DDD157A2F11C8D8F9AD99972BAF1FA78C37647B0A34F268AC0DC
                                                                                                                                                                                                                                SHA-512:23052276DD8F811D240A277FE3C7C77743FAEADC54548E4EE712D5AC4DB7921988406E66B9CEA24A0AF1D73A4D31AFA14E2ED81E87C1F874EFC36C7DF4FDE785
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....[@..........." ..0..............*... ...@....... ....................................`..................................)..O....@..................8)...`.......(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P ......................8(......................................BSJB............v4.0.30319......l...0...#~......@...#Strings............#US.........#GUID...........#Blob......................3................................................E.............|...............i.)...'.).....".....)...~.).....).....).....)...e.).....).....E...........v.....v.....v...).v...1.v...9.v...A.v...I.v...Q.v...Y.v...a.v...i.v...q.v...y.v.......:.....C.....b...#.k...+.....+.....3.....;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Data.SqlClient.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):54656
                                                                                                                                                                                                                                Entropy (8bit):6.1364283023463075
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:+OOOEjwvVb+AC0fUln6xsGNMgZKh3KxNga88jIUbdUqaZ:+OOOGsnU5yMgZK5e8uIUbd98
                                                                                                                                                                                                                                MD5:4A0913897BD09BC4A5FAC2EEF3F2F4BC
                                                                                                                                                                                                                                SHA1:F056B4E240A7192D7BC461E76099A403B03A60E2
                                                                                                                                                                                                                                SHA-256:029F75DF68500292579D5BF83175E38034BFB68C3A6954B0D48DB5BA6041F7FB
                                                                                                                                                                                                                                SHA-512:DCAC7762E0D657AB842940041C77D4B1B7295F1615B98652276AEE772F4C6E1C7A595FEC47F66B7C982ADAF8E59BB5337984791586DCDBBC7DC3DEB9AF4966B9
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?............" ..0.............&.... ........... ....................... .......F....`.....................................O........................#..............T............................................ ............... ..H............text...,.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........)..h...................d.........................................("...*..(#...*..(#...*..z..z..z..z..z..z.*..z.*..z..z.*.*..($...*..($...*..($...*..($...*..z.*..z.*..z..z.*..z.*..z.*.*.*.*.*.*.*.*.*.*..z..z..z..z..z..z..z..z..z..z..($...*..($...*..($...*..($...*..($...*..z.*..z.*..z.*..z.*..(%...*..z..z..z..z..z..z.*..z.*..z.*.*.*..(&...*..z..z..z..z..z..z..('...*..('...*..('...*..('...*..z.*..z.*..z.*..z.*..z.*..z..z.*..z.*..z.*..z..z.*..z.*.*.*..z..z..z..z..z..z..z

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Data.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):24376
                                                                                                                                                                                                                                Entropy (8bit):6.223404242896562
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:Ge5gCB72SrVDZQwMWioFW1KX6HRN7tEMn8KER9zlYl:bDDZQyNWKMn8R9z6l
                                                                                                                                                                                                                                MD5:AE79B9E3D3498DDD30F3136B82BF4D18
                                                                                                                                                                                                                                SHA1:5FE9509E45BBB32EBC108B338B31E2179B159C0F
                                                                                                                                                                                                                                SHA-256:B96C6D5B742E601E60A1092C354DE4775CD3523AFD42AE1E252751D497994A4C
                                                                                                                                                                                                                                SHA-512:1CD5464BBA6AFFFD8F1D142240D3E8535A2D96965D1EED4BD393A70DD0CCC6607C8FFD65E956544BC60EDEDBD02E8E3937D4E444DCDCDBE853B0F55640E6019B
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....h............" ..0..,...........I... ...`....... ....................................`..................................I..O....`..8............6..8)...........I............................................... ............... ..H............text....*... ...,.................. ..`.rsrc...8....`......................@..@.reloc...............4..............@..B.................I......H.......P ...(...................I......................................BSJB............v4.0.30319......l.......#~..@.......#Strings.....&......#US..&......#GUID....&......#Blob......................3......................................!.........P.%.....%.........E..... ._.....%.........2.......a.....................9.....V.....p.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y...............C.....L.....k...#.t...+.....3.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Diagnostics.Contracts.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):20264
                                                                                                                                                                                                                                Entropy (8bit):6.540875284284619
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:sE5tSmIBed39vCgNW6Z2WQYA6VFHRN7UpGR9zqb:X8t6sgRYFClUY9z6
                                                                                                                                                                                                                                MD5:AF670E99CB55887E1948582ACE62BAF7
                                                                                                                                                                                                                                SHA1:9BF6F8E9EFA39004BDDD4EBA35D3E7108E28DF14
                                                                                                                                                                                                                                SHA-256:F7A5885FEEA1B79DCCA72006CA1E3506FDA380BC2DADEDEB89984221C3888108
                                                                                                                                                                                                                                SHA-512:9DDE9DBD37B129D6975058164FB756586DADCC0B03D1836B516336F6D9AFE6E29F74121D9760896A435B12D3350F474103066E55606E90E3CE10804FDB178116
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....(..........." ..0..............:... ...@....... ..............................?1....`..................................9..O....@...............&..()...`.......9............................................... ............... ..H............text...4.... ...................... ..`.rsrc........@......................@..@.reloc.......`.......$..............@..B.................:......H.......$!......................@9........................................z.*.*.*.*.*.*.*.*.*.*.*.*..z..z..z..z.*.*..z.*.*.*.*..z..z..(....*..(....*..(....*..z..(....*..z..(....*..z..z..z..z..z..z.*.*..(....*..(....*..(....*..z..z..z..z..(....*..z..(....*..(....*..(....*..z..(....*..BSJB............v4.0.30319......l.......#~..|.......#Strings....@.......#US.D.......#GUID...T.......#Blob...........W..........3........!...........7...:...........e...............................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Diagnostics.Debug.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16176
                                                                                                                                                                                                                                Entropy (8bit):6.74420130921519
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:jXfMxA3wKbW25mWHWWxNzx95jmHnhWgN7aIWN4uvpGX01k9z3Af/8ROnkxh:jCIW25mWHdX6HRN7yxpGR9zqCOSh
                                                                                                                                                                                                                                MD5:200A2EF8039A866C29F6646C08C916A0
                                                                                                                                                                                                                                SHA1:D9AFB3DCF376FDF153D5B0F1AE6167660DFB1FEB
                                                                                                                                                                                                                                SHA-256:F587E4D5F4347D8851FE63FD165FF3AF6F0A0D7EDB22DC9EC13878CC5342AB2B
                                                                                                                                                                                                                                SHA-512:51BEB0733A184397ED605D483D0EF47F7A6B6DA05666DB5175CBDB8CDEFB90E4D6BFDB0C59E118796E9851108D590F2EADF3CF07944424C05276BD9F8A64E25C
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....+............" ..0..............*... ...@....... ..............................+.....`..................................*..O....@..................0)...`.......)..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H.......P ......................$)......................................BSJB............v4.0.30319......l...H...#~..........#Strings....<.......#US.@.......#GUID...P.......#Blob......................3..................................................W...R.W...g.D...w...........0.....w.......................>...........................................>.....>.....>...).>...1.>...9.>...A.>...I.>...Q.>...Y.>...a.>...i.>...q.>...y.>.......................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Diagnostics.DiagnosticSource.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):40736
                                                                                                                                                                                                                                Entropy (8bit):6.307914057502523
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:jFzgEDgMWQ651oB12mjsqA6WYEpw9zawC:hzcQ6yjpDWYEp4zlC
                                                                                                                                                                                                                                MD5:45269C7607DA6822ED2DEE5467F2F37D
                                                                                                                                                                                                                                SHA1:2BFE2E7B628B79F0A9C23038775355BE66F114C6
                                                                                                                                                                                                                                SHA-256:8997E4C03217D42B3079A2DBB6FE447DD554ED509ED90C8A5E52EB4E9EE20B6C
                                                                                                                                                                                                                                SHA-512:F092CBBC3417E069186B7B0DF32DD07ED879FDBDBEA538BC0694390C832D6F5FA912BEDDB2F5C7138AB6A5CEF8EDC40FC8A98C0C6DECD069DDC0E30AAE5DC4D8
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....(..........." ..0..l..........j.... ........... ...................................`.....................................O....................v.. )........................................................... ............... ..H............text...pj... ...l.................. ..`.rsrc................n..............@..@.reloc...............t..............@..B................L.......H.......H%..4d..................|.........................................(....*..z..z.*..z..z..z..z..z..z..z.*.*.*..z..($...*..z.*.*.*..z..z.*..z..($...*..z.*..z..z.*.*.*..z.*..z..z.*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z.*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z".($....z".($....z..z.*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z.*..z..z..z..z..z..z..z..z..z..z..z".($....z..z..z..z..

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Diagnostics.FileVersionInfo.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):17208
                                                                                                                                                                                                                                Entropy (8bit):6.702962651766159
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:k/wVDx/2vWdwV9WJWxNzx95jmHnhWgN7awWxRsYl6d3RX01k9z3AQ0n1lW:WwVd/eWdwV9WyX6HRN76sYlORR9zIm
                                                                                                                                                                                                                                MD5:B3688F6BB0CAA4C4CC9CE2E0248B9A98
                                                                                                                                                                                                                                SHA1:845F2FF4FCFB197EC3ACD4B42CD23461E65A581B
                                                                                                                                                                                                                                SHA-256:1D2689DC46875180B4111DF3FECF8D3F13FE4EDDE8538BA88A448585CF39D614
                                                                                                                                                                                                                                SHA-512:31FE11C0CEDDBD09B0A2D8FF37E59E618E53A20124671F092B8C5388C34B176212F1D63666873208CF86B679864918F9C0B8AE47C8F0B223C5A0544AFCAC5858
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Vr............" ..0............../... ...@....... ....................................`.....................................O....@..................8)...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B........................H........ ..l.............................................................(....*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z.BSJB............v4.0.30319......l...,...#~..........#Strings............#US.........#GUID...........#Blob...........G..........3........................................................................................@.......................b.U...Y...........G...........x.................).................x.....

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Diagnostics.Process.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):31544
                                                                                                                                                                                                                                Entropy (8bit):6.477301504295919
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:cccpazYAySzT9b8ZjPKsgkUon8YVWyt9zX:bEAn39bejP5gkUo8YVWazX
                                                                                                                                                                                                                                MD5:5A29E313E9757BD4B3E161446FC018C7
                                                                                                                                                                                                                                SHA1:0E4C65EFE7DB7B7DFE068C0A6941301434C310EC
                                                                                                                                                                                                                                SHA-256:88EF7C2DAB93B91E517EB1B7B174F880F9460F43B013CF6BC6D0EC048AFF8C8A
                                                                                                                                                                                                                                SHA-512:9FA8E3851F1E6F35E83128FDF0DBDEAA8C83983BFBDD68869E67BC204DEE1304936632060CABF10079E39A3AF274D5818C91EFEE84B42B3D1370313B0BE71DEE
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....~..........." ..0..H...........g... ........... ..............................5.....`.................................Dg..O....................R..8)..........(g............................................... ............... ..H............text....G... ...H.................. ..`.rsrc................J..............@..@.reloc...............P..............@..B................xg......H........"...C...................f........................................(....*..z..( ...*..z..(!...*..z..z.*..z..z..z..z..z..z..z..z..z..z..z.*..z.*..z..z..z..z..z..z..z..z..z..z..z..z..z..z.*..z.*..z..z..z..z..z.*..z..z..z..z..z..z..z.*..z..z.*..z..z..z..z..z..z..z.*.*.*.*.*.*.*.*.*.*.*..z.*.*..z..z..z..z..z..z..z.*.*.*.*.*..z..z..z..z..z..z..z..z.*..z..z..z..z..z..z..(!...*..z..z..z..z..z..z..z..("...*..("...*..z..z.*..z..(#...*..(#...*..(#...*..(#...*..z..z.*..z.*..z.*..

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Diagnostics.StackTrace.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):23328
                                                                                                                                                                                                                                Entropy (8bit):6.454768245137986
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:OJF0OAlCl2wdsj0GuSYngX3bTKWnPgWHaX6HRN7zwEpcR9z0BKWsv:WCOAlClF0kngXLTzlyWcEpw9za3m
                                                                                                                                                                                                                                MD5:7F3B219E771EED402983BBDE046338A9
                                                                                                                                                                                                                                SHA1:F2E6CAB58F62C8F0E18CAAEF5EAF18E24E1FF6DC
                                                                                                                                                                                                                                SHA-256:4AB91B8FE0B5C9A0CB705BCEB65940544810B34712CA17668331D1CE1743D965
                                                                                                                                                                                                                                SHA-512:F212CA7013306A314E0659E08BF05F7063E1EDD88AB91E272BE1D0EFA3C36E2A7818A80FD48354C5D014AAFBC67212638AE924179D2BE922D5D4BEDA6EEE1512
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....j..........." ..0..(...........F... ...`....... ..............................l.....`..................................E..O....`...............2.. )...........E............................................... ............... ..H............text...$&... ...(.................. ..`.rsrc........`.......*..............@..@.reloc...............0..............@..B.................F......H.......0!...$..................0E........................................(....*..(....*..(....*..(....*..(....*..(....*..z..z..z..z..z..z..z..z..z..z..z..z..z..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..z..z..z..z..z..z..z..z..z..z..z..(....*..(....*..(....*BSJB............v4.0.30319......l...d...#~..........#Strings............#US.........#GUID.......8...#Blob...........W..........3........#...........t...................;...............

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Diagnostics.TextWriterTraceListener.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):18224
                                                                                                                                                                                                                                Entropy (8bit):6.617683275275827
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:ciI3/BWnBwszp+yxtLeVWglCWzDWxNzx95jmHnhWgN7aIWW1VmvpGX01k9z3AfT/:cxv2wecVWglCWzcX6HRN7t8pGR9zqD
                                                                                                                                                                                                                                MD5:084CA4C7FADFB793B5BB15993FF8A871
                                                                                                                                                                                                                                SHA1:CCE82FD1A2324442DF58D5E19AF909EFC10AC76A
                                                                                                                                                                                                                                SHA-256:E6E30DD8EA9FF62FF94A152165443B5D5376EF6BE022910AE6A05ABF8987CB38
                                                                                                                                                                                                                                SHA-512:453026ED206A094DD235CC058F73B888CBA2283DC3256D155123E572F4EF4C21EFB1B269202BE0046B82151E0EF343B38CBC5B0FD1C7B666022BA6D5E8E00C31
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...p.I..........." ..0..............2... ...@....... ....................................`.................................t2..O....@..8...............0)...`......X2............................................... ............... ..H............text........ ...................... ..`.rsrc...8....@......................@..@.reloc.......`......................@..B.................2......H.......,!.......................1........................................(....*..(....*.*..(....*..(....*..(....*..(....*..(....*..(....*..z.*..z.*.*.*.*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..z.*.*.*.*.*.*..(....*..(....*..(....*..(....*..(....*..(....*.*.*.*.*.*.*.*.*.*.BSJB............v4.0.30319......l.......#~..x.......#Strings....x.......#US.|.......#GUID....... ...#Blob...........G..........3................-...T.......<.........................?.....

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Diagnostics.Tools.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15664
                                                                                                                                                                                                                                Entropy (8bit):6.8080160066573665
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:PAmShxA/HmWQzUWUdWxNzx95jmHnhWgN7aIW5Y3YHnsTX01k9z3A1GUST:PlexWQzUWUeX6HRN7GgYMTR9zUDST
                                                                                                                                                                                                                                MD5:6D8E075425E16A234FC8F5463C11BEB0
                                                                                                                                                                                                                                SHA1:97D419FD390DFBF214FB7CFCA029A3458554F55E
                                                                                                                                                                                                                                SHA-256:383907734CD3DD76969A359423AEF226CA131AD085FEFDE4943F9B6BB9B28102
                                                                                                                                                                                                                                SHA-512:45B57EC21B8E618E83E0B0B790A6C5964054D50C3DB8D88A7B564201BD693746C555A0203C50F7DEBB6888222A0BE8307598C6451AA1FDF254E48D1CF5A1A795
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............)... ...@....... ....................................`.................................Q)..O....@..................0)...`......`(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................'......................................BSJB............v4.0.30319......l.......#~..(.......#Strings............#US.........#GUID...........#Blob......................3................................................F.h.....h.....U.................%...(.%...........%.....%.....%.....%.....%...f.%.....%.................O.....O.....O...).O...1.O...9.O...A.O...I.O...Q.O...Y.O...a.O...i.O...q.O...y.O.......................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Diagnostics.TraceSource.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):28424
                                                                                                                                                                                                                                Entropy (8bit):6.410252731869326
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:c9TazZSS8akYt8ozgfKCeULFCldVXC4dC9zVju:82zZSS8a3t92KhUpi3C4dezFu
                                                                                                                                                                                                                                MD5:D3927946CE1EDFC7521497111215839F
                                                                                                                                                                                                                                SHA1:5A2751A41BD21DD1E2402E938C3AEB9A639DEDE8
                                                                                                                                                                                                                                SHA-256:CED92574E9F9FC8CB0C65156D53266D938B79741D8C59EC572A5D1B03558B4DF
                                                                                                                                                                                                                                SHA-512:326DE47015B318DA33410B6A58ABF5F5300390361A07DEC5F237B28AF9653B892F4EC1E0EF90FE8DC0D1871C52D5374CE711C8A910EC062092EC5756FCDD8E8F
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...q............" ..0..<...........Z... ...`....... ....................................`.................................tZ..O....`...............F...)..........XZ............................................... ............... ..H............text....:... ...<.................. ..`.rsrc........`.......>..............@..@.reloc...............D..............@..B.................Z......H........"...6...................Y......................................&...(*...*&...(*...*..z.*.*..(,...*..z.*..z.*.*.*..({...*..z.*..z.*.*.*.*.*..(y...*..z.*..z..(-...*..z..(-...*..z..z.*..(y...*..z.*..z&...(*...*&...(*...*..z.*.*..z..(,...*..(,...*..z..z..z..z.*.*..z.*..z.*..z.*.*.*..(....*..z.*..z.*..z.*..z..(....*..z.*..(,...*..z.*..z..z.*..z.*..z..z.*.*.*.*.*..z..z.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*..(,...*..z..z..z..z..z..z..(,...*..(/...*..(/...*

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Diagnostics.Tracing.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):29480
                                                                                                                                                                                                                                Entropy (8bit):6.383167048031286
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:baCo+65bGbs7x1gXpGYwtVlvy+VygVoMWbKDWgYA6VFHRN7lYtqoJR9zgiUf:baPAbs4+l7ygnDFClW9zuf
                                                                                                                                                                                                                                MD5:3019B6765181F81899F0BA6F5136E4EE
                                                                                                                                                                                                                                SHA1:9BD6976DC505D4C6790C1B2C78B196882970A6DF
                                                                                                                                                                                                                                SHA-256:1557C20336DCE9BC0869BD16DCBDD6DB004BC177C28F0C00AB721B8E4EC27D52
                                                                                                                                                                                                                                SHA-512:C3A558B24DBAFA533440E263D5DA70CF3ED14BE246B01D643D7E163AB492D89254098F224071EB4136B99C3D47839311881DE178A5B57F926A6A075DE7B5AE8B
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..@..........:^... ...`....... ...............................A....`..................................]..O....`...............J..()...........]............................................... ............... ..H............text...@>... ...@.................. ..`.rsrc........`.......B..............@..@.reloc...............H..............@..B.................^......H........#..P9..................L]........................................(!...*..z.*..z.*..z..z.*..z.*..z.*..z.*..z.*..z.*..z.*..("...*..z..z..z..z..(!...*..z.*..(!...*..z.*..z.*..(!...*..(#...*.*.*.*.*.*.*.*.*.*..z.*.*..(#...*..(#...*..(#...*..(#...*..(#...*..(#...*..(#...*..z..z..z..z..z.*.*.*.*..0.............(.....*....................z..z..z..z..z..z..z..z..z.*.*.*..z..z.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*..(!...*..z.*..z.*..z.*..("...*..z..($...*..(

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Drawing.Primitives.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):36120
                                                                                                                                                                                                                                Entropy (8bit):6.28308379692295
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:58Jiamig1vvbu2/liTcIYsnwevaaaPdI3JS1ijD6I/CvbMOabwjvwjswjNwPHwjg:eXXg1vj9/lsYMvda6s1iiI/CAJWTD9zP
                                                                                                                                                                                                                                MD5:49B43F2193B5EF0CB1B140ECC76DA7CC
                                                                                                                                                                                                                                SHA1:0739FBEC37BA778D3DE023EA979B15C16ACD47F6
                                                                                                                                                                                                                                SHA-256:27FD7C3C9C0CF7A9A558FA1A3753C5B254E8F69298F3B8BD2385B15E1A36ADDC
                                                                                                                                                                                                                                SHA-512:3D7246031AB16680435F9B7A13F0517CBE6D5801F0DAA68B5193AA494EC04E2EB081B528F08F4D54084C1B7E62133E7455CFC6BB4ECE7CC22579AF77EA95694C
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..Z..........Zx... ........... ...............................6....`..................................x..O....................d...)...........w............................................... ............... ..H............text...`X... ...Z.................. ..`.rsrc................\..............@..@.reloc...............b..............@..B................<x......H........$...R..................lw........................................z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Drawing.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):20776
                                                                                                                                                                                                                                Entropy (8bit):6.428726027972037
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:v8iP7uC8MYITetNPBw7vaWxAtWdYA6VFHRN7DkELRPR9zjOmxk:vRMPD8FClQQ9zKl
                                                                                                                                                                                                                                MD5:72E86E777EB37C25309D9CA02FB173D2
                                                                                                                                                                                                                                SHA1:958DBEA0B0EC16624B24F05A13633642D929A3C0
                                                                                                                                                                                                                                SHA-256:4EF5CE2DAFC66D495B9D075EB30AA5DC5C32A84FBFB2903E57E514A7BB4ACC96
                                                                                                                                                                                                                                SHA-512:E15CA60C6D30BF4A661B51D7034E055224A89B108CEBA7FEF13C9246391E46DC05D35E6F46AD6FB0D115CAE7DE6371F6CCAA71695D56A84C9FB9DEFEFC8FAA36
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............b=... ...@....... ....................................`..................................=..O....@..X............(..()...`......0<..T............................................ ............... ..H............text...h.... ...................... ..`.rsrc...X....@....... ..............@..@.reloc.......`.......&..............@..B................A=......H.......P ..`....................;......................................BSJB............v4.0.30319......l...\...#~..........#Strings............#US.........#GUID...........#Blob......................3................................................s.#...C.#...~.....C...........d.`...U.`.........*.`.....`...!.`.....`.....`.....`.....`.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.C...+.Y...3.o...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Dynamic.Runtime.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16680
                                                                                                                                                                                                                                Entropy (8bit):6.6920378205912305
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:8YwoCMWs1CWSYA6VFHRN7xo0yzxIPaR9zEs4M:8ToF+FCl+0yzxOW9zFh
                                                                                                                                                                                                                                MD5:61F1E563B3D2F94B3392CD568254FCE8
                                                                                                                                                                                                                                SHA1:E5F006FBC73D470081D92C2DFD47C13382D78438
                                                                                                                                                                                                                                SHA-256:9E24A4F9235027AB72D2480FA54EB291AC46E86354F240426CD8FA0FDB2BF197
                                                                                                                                                                                                                                SHA-512:4CFA20B326B7729D1483CB1AEBBD261A4B6FCC46948C91C4EC844D34038ECBF94C84AD6959AE499AD8C7F05D72C2CF1A19A1C09BC5D25B1B98A81A51B8712357
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...z.,..........." ..0..............,... ...@....... ..............................L.....`.................................e,..O....@..................()...`......x+..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................,......H.......P .......................*......................................BSJB............v4.0.30319......l...<...#~......h...#Strings............#US.........#GUID...$.......#Blob......................3......................................&.........W.............................j.Z...9.Z.....A.....Z.....Z.....Z.....Z.....Z...w.Z.....Z.....#...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Formats.Asn1.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):26400
                                                                                                                                                                                                                                Entropy (8bit):6.499105325835797
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:gp3p6eU7RGecKIORkrZAlocQeIOFClvY9zjL:gp3p07RGIXRkrZAloSpivQzjL
                                                                                                                                                                                                                                MD5:A09B8469A4154FC1D300E98A2D4B6475
                                                                                                                                                                                                                                SHA1:DF2AD857C28C5D8D00FD5678748D35680E8A9EBF
                                                                                                                                                                                                                                SHA-256:233B081721683C05DC02E6D3EE31DBCADF6887C73AFACD8136CE4D19A291B371
                                                                                                                                                                                                                                SHA-512:6966806782CCBE1F452D587CCF9BA616A6B16A7AE6CE042927544618BC865E9B79D0D3638FCE7015081132B995A8506EC394D95F07129474B7E7C087751F65C5
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;5..........." ..0..4..........nS... ...`....... ...............................|....`..................................S..O....`..x............>.. )...........S............................................... ............... ..H............text...t3... ...4.................. ..`.rsrc...x....`.......6..............@..@.reloc...............<..............@..B................PS......H........!...0...................R........................................z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..(....*..(....*..(....*..(....*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..(....*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z.*..z..z..z..z..z..z..z.*..z..z..z..z..z..z..z..z..z..z..z..z.*..z.*..(....*..(....*..z.*..z..z..z..z..z.*.*.*..z..z..z.*..z.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Formats.Tar.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):20248
                                                                                                                                                                                                                                Entropy (8bit):6.634143086124146
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:hiRMoSDQ1YegIg2uO6LVJcCWSRLcWYyX6HRN7dSR9zi6tLt+:uZYlmIbBWde9zHM
                                                                                                                                                                                                                                MD5:CA3C31DB845576D59197EED89ED546C1
                                                                                                                                                                                                                                SHA1:A39CA196F4F4CF896B8A37950F7AAEE4A557E5B5
                                                                                                                                                                                                                                SHA-256:5F8A6594C8ACB523290E8CA59F2BB64A521AA7000F9FE30E5B91E876D9F2F304
                                                                                                                                                                                                                                SHA-512:EFCB86042D3CD1EB92EAF9FB70841D00132F6892A5261F374380F3C46E53D1AEDD2616F8C04FA2ACF5129046594E505DB21AB46CFCBDCA3984F158EAEF06F8CE
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Z............." ..0..............;... ...@....... ...............................6....`..................................;..O....@..x............&...)...`......l;............................................... ............... ..H............text........ ...................... ..`.rsrc...x....@......................@..@.reloc.......`.......$..............@..B.................;......H.......\!.......................:........................................(....*..(....*..z.*..z.*..(....*..z..(....*..(....*..(....*..z..(....*..z.*..z.*..z.*..z.*..(....*..z..z.*..z..z..z.*..z..z.*..z.*..z.*..z.*..z.*.*..z..z.*.*..z..z.*.*..z..z..(....*.*..z..z..z..(....*..(....*..(....*..z.*..z.*.*..z..z..(....*..(....*..(....*..(....*BSJB............v4.0.30319......l...L...#~..........#Strings....t.......#US.x.......#GUID...........#Blob...........W..........3........"...

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Globalization.Calendars.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16168
                                                                                                                                                                                                                                Entropy (8bit):6.766379214654712
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:c0sRqXWDRq4oRqm0Rq7WSYA6VFHRN7XgJ8KER9zly1O:9mqKq5qmuqFFClwJ8R9z01O
                                                                                                                                                                                                                                MD5:D21C365011A6420D58FE6EBB86C5784E
                                                                                                                                                                                                                                SHA1:7EEA87877D56968A80A940C5FDD72E7416CB666D
                                                                                                                                                                                                                                SHA-256:C016FF9595BF28A1D507A8058BE786FD0EEA635569EAE5E27D8F7B0B8D2DE0F2
                                                                                                                                                                                                                                SHA-512:FE74960971E974771D86195B317A5096412868654F151CA2BB1FF4E058EC8315AA19613C2423597A6C02F88BFFA4E6C05360C1143FE09306955DA48DEF5C9477
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...c............." ..0.............>+... ...@....... ..............................H.....`..................................*..O....@..................()...`.......)..T............................................ ............... ..H............text...D.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H.......P ......................l)......................................BSJB............v4.0.30319......l...p...#~..........#Strings....|.......#US.........#GUID...........#Blob......................3..................................................;...x.;...3.(...[.....^.................I....._.................w.................G..................."....."....."...)."...1."...9."...A."...I."...Q."...Y."...a."...i."...q."...y.".......................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Globalization.Extensions.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15656
                                                                                                                                                                                                                                Entropy (8bit):6.821063767728242
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:2gKxRPWYRg7Rp0RjWCXYA6VFHRN7HoJR9zgwmL:2gKnN+putXFClA9zA
                                                                                                                                                                                                                                MD5:0DEE67964FCB385F9FA8B7C3828ABCDD
                                                                                                                                                                                                                                SHA1:831A65D098049E4260A24B7C6AF40B1F97E4D598
                                                                                                                                                                                                                                SHA-256:07C60EF102AA7DFAD2BC691A9B4B9D827C40934C4E88029E19E9694267B93465
                                                                                                                                                                                                                                SHA-512:277719C8981D6EE5F86E58FD6F1D554E9044B397A0598C4FABF7B7E6F8243A86C96114EA3DCAA80EF9942F47C60D0CB27DABF8CA081437A20A94312C4155DC52
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...`............." ..0..............)... ...@....... ..............................5.....`.................................o)..O....@..................()...`......p(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................'......................................BSJB............v4.0.30319......l.......#~..4.......#Strings............#US.........#GUID...........#Blob......................3..................................................8...x.8...3.%...X.....^.................I....._.................w.................G...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Globalization.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16160
                                                                                                                                                                                                                                Entropy (8bit):6.706885767315989
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:9D3RLWdRMCRA0RHW7lX6HRN7U3GiNbZR9zBd6o34:9Dh0jAuSFWmFT9zz34
                                                                                                                                                                                                                                MD5:1104F40E8469C5590E7EFF79F7CA7D20
                                                                                                                                                                                                                                SHA1:D156ECD4719973DCD81AA14D1A5E25C403506E66
                                                                                                                                                                                                                                SHA-256:B5809B99963888AA99A958A22982CDDD7235C09053466F2922C3AB120CBDE456
                                                                                                                                                                                                                                SHA-512:2126C5FF977F4E1A1F1CD0D5E96C0AAB5476CE12C9EE14B3AB9AC7180C9483F681029C961E3031D82F788B2172F647FADFE99805BFAFD9A2625723B0C1E9273C
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...."............" ..0.............v*... ...@....... ...............................q....`.................................!*..O....@.................. )...`......8)..T............................................ ............... ..H............text...|.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................U*......H.......P ..h....................(......................................BSJB............v4.0.30319......l...T...#~..........#Strings............#US.........#GUID...........#Blob......................3............................................................D...........o.....*...........Z.....p.....?.......................&.....X...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.Compression.Brotli.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):18232
                                                                                                                                                                                                                                Entropy (8bit):6.641529804153727
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:bYw/JY/RupUWJ6TWOhX6HRN7+wNviCksR9zcaH:b9LARWjio9zR
                                                                                                                                                                                                                                MD5:6A97E42763416C59B00F7742A737D25D
                                                                                                                                                                                                                                SHA1:AB7E3E784AD6F93BFDCD5090B47739BD8F66B5D9
                                                                                                                                                                                                                                SHA-256:D4D27325A4E957E54E41047DF2599723CF5D1F66144D905893229EF8FFFF7560
                                                                                                                                                                                                                                SHA-512:DBC6F74D79B8223936DA7F8C017EF3F007F8AA23A83F80EDEE7D765F33FF41F1E132920C6A65612287D2B00E79DB19439D6E29F88D771252263DC6E5821BABBE
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...0............." ..0..............3... ...@....... ..............................@M....`..................................2..O....@..................8)...`.......2............................................... ............... ..H............text...4.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................3......H........ ..h...................@2........................................z.*..z..z..z.*..z..z..z..z..(....*..(....*..(....*..(....*..z..z..z..z..z..z.*..z..z.*..z..z.*.*..z..z..z..z..z..z..z.*.*.*..z..z.*...BSJB............v4.0.30319......l...p...#~...... ...#Strings............#US.........#GUID.......X...#Blob...........W..........3........(...........)...J.........................................<.........3.^.....^...(.K...~.....e.h.....^.....................~.h.........l.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.Compression.FileSystem.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15672
                                                                                                                                                                                                                                Entropy (8bit):6.764939082374204
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:5tfL/jFoPaWuJmW0xWxNzx95jmHnhWgN7a0WamLkoiINFPKBWX01k9z3A+olmV:PfLxKaWuJmW0aX6HRN7R1t8KER9zllV
                                                                                                                                                                                                                                MD5:C804A5B35533C6C78ACDEB7928617388
                                                                                                                                                                                                                                SHA1:C037FD5B022707FEA213F703C22682CB4A2C95FB
                                                                                                                                                                                                                                SHA-256:1481A72E898D6A995BB99EFFFF60AC5CF4D49463A24DC23EA6F73B5E69E3251F
                                                                                                                                                                                                                                SHA-512:EC938C04E946C36CB378A387D8E8EB679E16A43C4E0E75C6DA8A428E426B0EACBA7170758EB1199A45B18A1239EA61806ACA85FBAFF698D6FAC77B3FC8268F07
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...H.t..........." ..0..............)... ...@....... ..............................X.....`..................................(..O....@..................8)...`.......'..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......P ......................,'......................................BSJB............v4.0.30319......l.......#~..,.......#Strings............#US.........#GUID...........#Blob......................3..................................................U.....U...Q.B...u.....|.....7.*.....*...g.....}.*...L.*.....*.....*.....*...3.*...e.*.................<.....<.....<...).<...1.<...9.<...A.<...I.<...Q.<...Y.<...a.<...i.<...q.<...y.<.......C.....L.....k...#.t...+.....+.....3.....;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.Compression.ZipFile.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):17192
                                                                                                                                                                                                                                Entropy (8bit):6.6845298470427945
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:T5mlNXgrSWPhREhW5jpWjA6Kr4PFHnhWgN7a0WQbaj9BtaFFX01k9z3Ay3mtjV:IvXWPXIWxYA6VFHRN7JU9WR9zBgJ
                                                                                                                                                                                                                                MD5:017ABFFD5A1A2A07EC6F12897105D59C
                                                                                                                                                                                                                                SHA1:D95391E5D5EDA9245781E1C12BA1C3312323FFE5
                                                                                                                                                                                                                                SHA-256:D263DAEF076ACC961F1213E267DC0852E118636BA765D08FD6173AC16F2A61D6
                                                                                                                                                                                                                                SHA-512:21000425F051DA258D7FBA3E4E1E4B67F5C064E04D00DCBF69C41355E40AF1EDC1DBE2FC61B3431942961FF1F39866EE3D78B8F487495177D350F55841A58F6B
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............v/... ...@....... ....................................`.................................$/..O....@..................()...`......./............................................... ............... ..H............text...|.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................X/......H........ ...............................................................*.*.*.*.*.*.*.*.*.*.*.*.*.*..z..z..z..z..z.*.*.*.*.BSJB............v4.0.30319......l.......#~..........#Strings............#US. .......#GUID...0.......#Blob...........G..........3....................E.......'.........................U...s.U...F.U...[.B...u.............U...A.*...=.*.........-.*.....*... .*.....*.....*.....*.....*...[.U.....U.....U...o.U.....................x.....d.....$.....".............

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.Compression.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):21288
                                                                                                                                                                                                                                Entropy (8bit):6.499538000033182
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:qYKCFydzlz7z2ZdoWLWyCLWWYA6VFHRN798MYMTR9zU:L8dzlz7z2Z0VFClog9z
                                                                                                                                                                                                                                MD5:139E336764454573ACF15918B9576DA4
                                                                                                                                                                                                                                SHA1:44E2D5F4984D03DFCDB9290A9739A1FA8C07E8C0
                                                                                                                                                                                                                                SHA-256:73D676C93652377BC27CF599D9BE7793C1B19A3002C730D75C7AB93E3EBB8639
                                                                                                                                                                                                                                SHA-512:7961AA303811DC578653A8FBD15254C5EA6182EF7024150C9E885652E661986FD956351EE5A764B13501F7D4193D0831677AD2F58D6773174E59914791F80C36
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............." ..0.. ...........?... ...@....... ..............................(2....`.................................t?..O....@...............*..()...`......X?............................................... ............... ..H............text........ ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.......(..............@..B.................?......H........".......................>........................................(....*..(....*..(....*..(....*..z..z..z..z..z..z.*..z..z.*..z.*..z..z.*.*..z..z..z..z..z..z..z.*.*.*..z..z.*..(....*..(....*..(....*..(....*..z..z..z..z..z..z.*..z..z.*..z.*..z..z.*.*..z..z..z..z..z..z..z.*.*.*..z..z.*..(....*..(....*..(....*..(....*..z.*..z..z..z..z.*.*..z..(....*..z..z.*..z..z..z.*..z..z..z.*..z..z.*..z..z..(....*..(....*..(....*..(....*..z..z..z..z..z..z.*..z..z.*..z.*..z..z.*.*..z..

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.FileSystem.AccessControl.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):20760
                                                                                                                                                                                                                                Entropy (8bit):6.595123359885836
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:EZ+ju+o2e4BUxW7WVbW5CX6HRN7bDFDR9zTPUKBe:EZSLo2DB+HW9l9zAKc
                                                                                                                                                                                                                                MD5:5481C3BC75F375DF4D41CC349766FFD9
                                                                                                                                                                                                                                SHA1:6D2C91665E5DD2FF72F2E016E1CA9B052C21C268
                                                                                                                                                                                                                                SHA-256:1BE608AB52B52D35CED252D87633CDF2F55F6937ACB1AC4A4A36FF3CBDCAE111
                                                                                                                                                                                                                                SHA-512:1AFA3670B5964FD40585D34F56609483C61FAEE82668E01FE6A153F80204EF5800DB2E89D3E9B8C9F2515BF56B1C6124EA0EC1213F0E0E76F7E98466180D1BAE
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....c..........." ..0..............<... ...@....... ....................................`..................................<..O....@...............(...)...`......l<............................................... ............... ..H............text........ ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......&..............@..B.................<......H.......p!..|....................;........................................(....*..(....*..z.*.*..z..z..z..z..z..z.*.*..z.*.*.*.*.*..("...*..("...*..("...*..("...*6.......(....*6.......(....*6.......(....*6.......(....*..z6.......(....*6.......(....*6.......(....*6.......(....*..z&...(....*..z..z..z..z.*.*..z..z.*.*..z.*.*.*.*.*.*..z..z..z..z..z..z..z.*.*.*..BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob...........W...

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.FileSystem.DriveInfo.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):17688
                                                                                                                                                                                                                                Entropy (8bit):6.65318362345905
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:ACZEj6E6eKxkzC3LJWUFyWgWbQWxNzx95jmHnhWgN7acWCSkVrVwKUWX01k9z3Ak:AK86EoHLJWUFyWtbPX6HRN7/K2R9zU8
                                                                                                                                                                                                                                MD5:37D5D33F349C304DA41AB8905ADA2946
                                                                                                                                                                                                                                SHA1:3F21E5EA37FE9022A1DE1C9D44889D105C35DA1C
                                                                                                                                                                                                                                SHA-256:0FD5E21535298C58EDCC0774778207B562D3C08E70088AD34E47C69E47FA356C
                                                                                                                                                                                                                                SHA-512:2CF492998E31C20550DF0AB66C54F6BE14F2D8E82DB06DF56D607DC54366BCE228A3AF1156A130E10E3D88477D72125E554790A1127250B30A63672B481E055E
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...d.N..........." ..0.............20... ...@....... ..............................j.....`................................../..O....@...................)...`......./............................................... ............... ..H............text...8.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................0......H........ ......................D/........................................(....*..z..z..z..z..z..z..z..z..z.*..z.*..z..(....*..(....*..(....*..(....*...BSJB............v4.0.30319......l.......#~..P...h...#Strings............#US.........#GUID...........#Blob...........W..........3........!.......................................................................K.......................l.P.........................................................k.....C.....3.......................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.FileSystem.Primitives.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15624
                                                                                                                                                                                                                                Entropy (8bit):6.821694638098971
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:z1qGW/dqWMYA6VFHRN7eVXC4deR9zVj7qgTyS:z1qtgFCleVXC4dC9zVjBTN
                                                                                                                                                                                                                                MD5:67EBDED0179552C303E213781BA5DB4E
                                                                                                                                                                                                                                SHA1:BAC421FF4E7F2CE0CA3073294E19B6C19B587F74
                                                                                                                                                                                                                                SHA-256:7C2AEF2BD75EB88874D980358D91C66DE8919DC887FA94CF1EDD770C3A8E5F74
                                                                                                                                                                                                                                SHA-512:5A8EA7ABA4E118036898625CA47D6842EF0E5FB19DF1B847BDB5DFF73ED52ADBEC7CABB26D54CD8D44605178E355143814FAE6697ACA27FC292866A6302BBE8E
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............." ..0..............)... ...@....... ...............................;....`.................................k)..O....@...................)...`......l(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................'......................................BSJB............v4.0.30319......l.......#~..D.......#Strings............#US.........#GUID...........#Blob......................3................................................!.2.....2..._.....R...........E...........u...........Z.......................A.....s...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.FileSystem.Watcher.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):21304
                                                                                                                                                                                                                                Entropy (8bit):6.558670376342656
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:C4Vbqks4MHtMisqrabwnWyhuWoX6HRN7TY8KER9zlftGDP:PID4frsYWU8R9zltG
                                                                                                                                                                                                                                MD5:2074A52D41887620C296D960C7D6E1AC
                                                                                                                                                                                                                                SHA1:BDC46CBB859FC6BFB10111099964E6B2621B897E
                                                                                                                                                                                                                                SHA-256:FD0CA04549D6602ACA338D17B46016096B6EC289B6E43D74E24ED87BC401CFAA
                                                                                                                                                                                                                                SHA-512:F67DF7A61CB7B3C789192C7A77824160C804730A73DD6D7E93856E0D4394B4B7416543AF4596C1F39BC48569FAD4F59625CB0A4C933A062873534F56DC545248
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.. ...........>... ...@....... ..............................<]....`.................................<>..O....@...............*..8)...`...... >............................................... ............... ..H............text........ ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.......(..............@..B................p>......H.......$!..|....................=........................................(....*..z..(....*..z..z..z..(....*..(....*..(....*..z.*..z.*..z..z.*..z.*..z.*..z.*..z.*..z.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*..z..z..z..(....*..(....*..(....*..(....**....(....*..z..z..z.*..z.*..z.*..z.*...BSJB............v4.0.30319......l.......#~..X...4...#Strings............#US.........#GUID...........#Blob...........W..........3........-...........J...L...............L...................(.......

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.FileSystem.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16160
                                                                                                                                                                                                                                Entropy (8bit):6.72885945570015
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:iW4RH8FxAvoeTbWyp2WUoWxNzx95jmHnhWgN7agWnY00pyEuX01k9z3Aly+KIQx8:34RH6FyWyp2WUHX6HRN7CEpcR9z0BSte
                                                                                                                                                                                                                                MD5:5591B6C98BCFC539D04FB4116CD1D18B
                                                                                                                                                                                                                                SHA1:330F3ED4D9B6546364FD04E78DB1EAC9CDAE050D
                                                                                                                                                                                                                                SHA-256:4A61B376B6E77FC3FB20ED4ACDA6DBDCBE22D9BC30BF4E06925C003ECA391269
                                                                                                                                                                                                                                SHA-512:F47FD870FA993ABFFB90C575AD94EFE1FA347944C0435102065146477B2BF1E60EF9493647538949EB19173F4864188F4D407D4B997A5FCB33E653C5A184E410
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....i..........." ..0..............+... ...@....... ....................................`..................................*..O....@.................. )...`.......)..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H.......P ......................L)......................................BSJB............v4.0.30319......l.......#~......p...#Strings....h.......#US.l.......#GUID...|.......#Blob......................3....................................../.........h...................................J.......a...............-.............................../...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.IsolatedStorage.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):22832
                                                                                                                                                                                                                                Entropy (8bit):6.558128142880271
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:tIJCsHQs8jPIiCtCZdRS48WokBWYlX6HRN7M9bt5R9zExXbgM:tIJCBjxDZf1hzWsx9zSgM
                                                                                                                                                                                                                                MD5:B0444C7325D927EEE07BF33F96B7850D
                                                                                                                                                                                                                                SHA1:4E1F592E532DC6794124663CC7BC051C119EEE04
                                                                                                                                                                                                                                SHA-256:F432F5FC3025402C3A4035865CD96F1D9D0367616438C4120ABE2DE11CA237F2
                                                                                                                                                                                                                                SHA-512:55D14FB810C7ED334D5A33D3980F274E9C793E69C7B2AF46B725F32934AE9ED3C1679AF39F23D7A8D877312CAEE691CACCA591F66AC1FC09A480F41C1B6B7808
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....D............" ..0..&..........&E... ...`....... ..............................G.....`..................................D..O....`...............0..0)...........D............................................... ............... ..H............text...,%... ...&.................. ..`.rsrc........`.......(..............@..@.reloc..............................@..B.................E......H........!..t"..................8D........................................(....*..z..z..z..z..z..z..z..z..z..z..z..z.*.*..(....*..(....*..(....*..(....*..(....*..z..z..z..z..z..z.*.*.*.*..z.*.*..z.*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z.*.*..z..z..z.*.*&...(....*&...(....*&...(....*&...(....*&...(....*&...(....*&...(....*&...(....*..z..z..z..z..z..z..z.*..z..z..z.*..z..z.*.*.*..z.*..z..z..z..z..z..z.*.*.*.*..z..z.*.BSJB............v4.0.30319......l...

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.MemoryMappedFiles.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):18712
                                                                                                                                                                                                                                Entropy (8bit):6.655680866040988
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:pqQ7Kk8didV30D7c4XwPxcmVWWV7sWPWOWxNzx95jmHnhWgN7acWBoKDUX01k9z0:AcvI17Xw5kWV7sW+VX6HRN71pR9zldKb
                                                                                                                                                                                                                                MD5:BBF005A7905A8579B066610AB3001F2E
                                                                                                                                                                                                                                SHA1:7CD95D6D0FD2DDD9E36111DE4B560F6CAE1FA0CC
                                                                                                                                                                                                                                SHA-256:ECEABD2A07F27D377AA43CBA3D0375213C9732048BEBCF919BA033EA9EF94329
                                                                                                                                                                                                                                SHA-512:4DF8D96AA21E5E713F122E975102975045ACAC8C881D1DAD355CC8266FCA2FF3A981012BE1B20E05B71AFA0E4AFCEDE70ECEE75004A2275F8B07598E2D7774A7
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...^%............" ..0.............^5... ...@....... ...............................F....`..................................5..O....@............... ...)...`.......4............................................... ............... ..H............text...d.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................@5......H........ ......................p4........................................(....*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z.*.*..z..z..z..(....*..z..z.*.*..(....*..z..z.*.*.*"..(....*..z..z"..(....*..z..BSJB............v4.0.30319......l.......#~..0.......#Strings............#US.........#GUID...........#Blob...........W..........3........!...........*...C...............*...................................d.....7.....L.....-.......}.........2.f.....f.....C.....

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.Pipes.AccessControl.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):19240
                                                                                                                                                                                                                                Entropy (8bit):6.610145283886072
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:u55Tg5HUqRW+WPWNYA6VFHRN73HUqIBHR9zQZv:AkH3W+FCl3Mf9zyv
                                                                                                                                                                                                                                MD5:4986101DCB619DB38D49FFC6713C74EE
                                                                                                                                                                                                                                SHA1:E3A8E129D7BB2F7E025430752526B59F0DEDEFE9
                                                                                                                                                                                                                                SHA-256:ABAA036A59E0FB51A380271324A8E3E37539C1BAA56720FDDBDFFF5A0176086E
                                                                                                                                                                                                                                SHA-512:59665F37A9D9399A0BF0BD684B68BC2822607830F0781954654C9080AEFC2F28EB302EC3EA0A36B271C1DD99DC8821FBDC50875DE3933E3873C1CB9582834891
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....%B..........." ..0.............&6... ...@....... ....................................`..................................5..O....@..............."..()...`.......5............................................... ............... ..H............text...,.... ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B.................6......H........ ..l...................85........................................z..z6.......(....*6.......(....*..z6.......(....*6.......(....*..z&...(....*..z..z..z..z.*.*..z.*.*..z.*..z.*.*.*.*.*..z.*BSJB............v4.0.30319......l.......#~......t...#Strings....t.......#US.x.......#GUID...........#Blob...........W..........3........+...............5...........%.....................................4...?.4.....4.........o.....Q.b.....4.....................j.b.........x...........

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.Pipes.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):21808
                                                                                                                                                                                                                                Entropy (8bit):6.54690523919293
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:Cjwdp8K2N2bCJW/96WUPX6HRN7Z9bt5R9zExqM:C8dZddMWrx9zQ
                                                                                                                                                                                                                                MD5:BC6ACE0C39C969E16A0F8D8BE8CBC00F
                                                                                                                                                                                                                                SHA1:8D2CEBAF26D3665589C4D8DD60B40D68A2E3EC48
                                                                                                                                                                                                                                SHA-256:A80EF224E202D897DBF18940CE3715ACD5556A44534210A52D46A49C3BEEF19F
                                                                                                                                                                                                                                SHA-512:4DF8EB0EE9F0A2DBBA545DF4C67362B6D7E9430C3BDA50F6D78213DF5CD5095B96CE9B08F123A34012336A45AEDE109A526C60B54B7C3C21835B0532CCD8722F
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....1G..........." ..0.."..........NA... ...`....... ....................................`..................................@..O....`..X............,..0)...........@............................................... ............... ..H............text...T!... ...".................. ..`.rsrc...X....`.......$..............@..@.reloc...............*..............@..B................0A......H........"......................`@......................................&...(5...*&...(5...*&...(5...*.*..z..0.............(.....*..................&...(5...*&...(5...*&...(5...*&...(5...*&...(5...*..z.*..z.*.*...0.............(.....*....................z&...(5...*&...(5...*&...(5...*&...(5...*&...(5...*&...(5...*&...(5...*..z.*.*.*.*..z..z..z..z..z..0.............(.....*..................&...(5...*&...(5...*&...(5...*&...(5...*&...(5...*&...(5...*&...(5...*..z.*.*....0......

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.UnmanagedMemoryStream.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15632
                                                                                                                                                                                                                                Entropy (8bit):6.829247129940496
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:PWvewMxAqj5WjB+WvpWjA6Kr4PFHnhWgN7agWzFY00pyEuX01k9z3Aly+aI4O:umwaJWjB+WvYA6VFHRN7wEpcR9z0BSO
                                                                                                                                                                                                                                MD5:971EE5253BB544A7B2B3A1077C2C6008
                                                                                                                                                                                                                                SHA1:FCE7DB0F757434DF870CC2113DDD67B893C56CE7
                                                                                                                                                                                                                                SHA-256:5B614D49BBA36FF77CAA7A760A1E2C1642435A1FA949BF3BD25015BFFF91473C
                                                                                                                                                                                                                                SHA-512:EBB00CFB6916B79A49FD1B6E0F9C7D77373B747D452466D09CD6689297287C8FE7AFE45E5C341B46998AE7D716D62EA88CE3B0EE26D87263C83DA4735FBE344F
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...G............." ..0..............)... ...@....... ..............................n.....`..................................)..O....@...................)...`.......(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................(......................................BSJB............v4.0.30319......l.......#~..D.......#Strings............#US.........#GUID...(.......#Blob......................3................................................$...........=.n.........h.....#.>.....>...x.7.................>...].>.....>.....>.....>...D.>...Q.>.................h.....h.....h...).h...1.h...9.h...A.h...Q.h. .Y.h...a.h...i.h...q.h...y.h.....h.....h.......................#.....+.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.IO.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16144
                                                                                                                                                                                                                                Entropy (8bit):6.68496802568185
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:7283vFlW2ybWaYA6VFHRN7Uxl/7R9zj2IU9S3N:K6F+pFClelF9z6R9C
                                                                                                                                                                                                                                MD5:A341F35D1B875B0C07079117BA94DD5B
                                                                                                                                                                                                                                SHA1:1302496E225CC36B8DDFC838CA39061936EFCE0F
                                                                                                                                                                                                                                SHA-256:FFC7D4206C7B0C9E92C69A00120CE0859440709E8E5E5EB476572985EA040023
                                                                                                                                                                                                                                SHA-512:89A55CCFC5E4ED80B44E92941CBAD65BDD90E48FC0874DC712F1549BAF557EC85A7BC960B18D304DB311D996918653A771A78808B5D5AB150B4B2DFD33A4A757
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..../............" ..0..............*... ...@....... ....................................`.................................7*..O....@..(................)...`......d)..T............................................ ............... ..H............text........ ...................... ..`.rsrc...(....@......................@..@.reloc.......`......................@..B................k*......H.......P .......................(......................................BSJB............v4.0.30319......l.......#~...... ...#Strings............#US.........#GUID... ...t...#Blob......................3............................................................=...........h.....#...........S.....i.....8.............................Q...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Linq.Expressions.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):63280
                                                                                                                                                                                                                                Entropy (8bit):6.252325612412102
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:CggJTplSg1BmHNGzqRzzCCE/1iYt/5cuUzzZlbzWe9HYvpOPIRSe/WPf9zF6:7glpz1UHszs0xiplHd4vpUe/W9zF6
                                                                                                                                                                                                                                MD5:ADE10F68639401E1688EA57077BDFA09
                                                                                                                                                                                                                                SHA1:FE12CEBAD5BDADD8E347B160033FE45D9E7EC870
                                                                                                                                                                                                                                SHA-256:A012D6089CB9132DA820DBC38F00F5256B125BBA4BF73C5B66BC9809DEF71D85
                                                                                                                                                                                                                                SHA-512:1DCEF769142F1731699645CC36FCDB0DA40EE0AC0E8D3D5D808296381AD66437B495CE629D988A1DD7D6F073EF766503346487D3FF0A3B5E5A5B2F9F7D07190B
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.................. ........... .......................@......o.....`.....................................O.......................0)... ....................................................... ............... ..H............text...4.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......D+......................@.........................................(?...*..z..z..(?...*..z..z.*..z..(....*..z..z..(?...*..z..(@...*..(@...*..z..(?...*..(?...*..(?...*..z.*..z..z.*..z..z..z..z..z..z.*.*.*..z.*..z..z.*..z.*.*.*.*..z..z..z..z.*.*..z..z..(?...*..(....*..z..z..z..z..z..z..z..z..z..z..(....*..z..z..z..z..z..z..z..(?...*..z..z..z..z..z..z..(....*..z..z..z..z..z..z..z..(....*..z..z..z..z..(....*..z..z..z..z..z..z..z..z..z..(....*..z..z..z..(....*..z..z..z..z..

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Linq.Parallel.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):31520
                                                                                                                                                                                                                                Entropy (8bit):6.217665042292159
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:NV7qjV5W1G94Bq7f3gkK+f6CsbWA992DMl+0v3lWvR6r9W+daWYxnX6HRN7J/7Rt:/7qp8G98M244dv3lWv8t0xXWJF9z68
                                                                                                                                                                                                                                MD5:F4E81416C683612247E489080FA2BFA2
                                                                                                                                                                                                                                SHA1:58E6B8369621634AE71C9D40BFFC81A19CF2821B
                                                                                                                                                                                                                                SHA-256:E62F1767FBF1954B02A94D2CEB2382F4EF3A9995B712F7EA7D0B64D684035C2E
                                                                                                                                                                                                                                SHA-512:2B53D8C4586CB94342D4519F71FA47471B6938BA6A494D9F92E4580099FD03940444D51855C76C19BDCAD12519390E8F697B4B1C7705F8403DC23C91C2D7CB21
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....]............" ..0..H...........g... ........... ....................................`.................................Pg..O....................R.. )..........4g............................................... ............... ..H............text....G... ...H.................. ..`.rsrc................J..............@..@.reloc...............P..............@..B.................g......H........"...C...................f........................................(....*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z.*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Linq.Queryable.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):31024
                                                                                                                                                                                                                                Entropy (8bit):6.307170578860737
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:a0prmbFIbMq777caGfGqNlAIHaUuzMImunE37mYXW00BWxXX6HRN7Daw8bIBHR9n:RprmRTq777BGeWpzudAWDuUf9z88
                                                                                                                                                                                                                                MD5:C042087E14E82C77B1B63B282F0414D2
                                                                                                                                                                                                                                SHA1:BFEAFB364E820099F54AFAAC26AAF456EF484AF3
                                                                                                                                                                                                                                SHA-256:F04DF7F8E4382AB833F5579C29E0A466B5B5D023C059BDA40909E9AAA1E576BC
                                                                                                                                                                                                                                SHA-512:8E1AA3939246D7386586412964A54324130423DD28F5575A7DE93D42B19CA7670E369768B58869548BA859889897FF16C299CB23CA61D15210660E1179D83BF1
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...%............." ..0..F..........Fd... ........... ..............................L/....`..................................c..O....................P..0)...........c............................................... ............... ..H............text...LD... ...F.................. ..`.rsrc................H..............@..@.reloc...............N..............@..B................(d......H.......p"...@..................Xc........................................("...*..(....*..("...*..(....*..(....*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Linq.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):32544
                                                                                                                                                                                                                                Entropy (8bit):6.182436057491566
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:SUFeLvM9de3L1xgsj1X+AvPGgaE27x3tMpFPdMQk5/mW0GvWzQ+YA6VFHRN7UfpV:BvebxX+gPGz7U7lMQkHy9FClUfY9zC
                                                                                                                                                                                                                                MD5:26AFE4106C6528BCE1E11474FFD7BE8A
                                                                                                                                                                                                                                SHA1:20C5EDE71E3B542EF70D58A635E5ED6E8AB6D355
                                                                                                                                                                                                                                SHA-256:601AB60064A3ABEEB92D809829F2F1DC33CEADEF682E489CEB019B94AE8780F6
                                                                                                                                                                                                                                SHA-512:C7B29E83515A45B8A24A3857500D10ECC77B0EBB0A5FF283B2EBC8FD039B20BE9ECB9D6BB6EC939D62C4EAF3A79DB3770B9EF0511208DA537ADD5625AB299B17
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...W............." ..0..L...........j... ........... ....................................`.................................|j..O.......8............V.. )..........`j............................................... ............... ..H............text....J... ...L.................. ..`.rsrc...8............N..............@..@.reloc...............T..............@..B.................j......H........"...F...................i........................................z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Management.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):73480
                                                                                                                                                                                                                                Entropy (8bit):5.973417229647414
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:r/SDXm3gh3nbTDm/INTVEBthoQDUkiSLJKdblqFClhdK9zR:r/oXmEnbT9Ro2QDUxS9ypGiSzR
                                                                                                                                                                                                                                MD5:9217189460DFEA7E9664B600165FECF0
                                                                                                                                                                                                                                SHA1:35DDA8CE567B7D050E369EE6D9A1E236899E5713
                                                                                                                                                                                                                                SHA-256:8A018BC87C07822F02B9BFA779156264BABD25BCE5000323B5BDAD47D1C5CCB5
                                                                                                                                                                                                                                SHA-512:D4DE83F730C24FEA652A370B9722520790EBEAD5CD78B221B8A1A33CD572AEA0148BE18A17FCF6A6376279E3848CD41C28BB755FDE8B05C1C9CAD242D3F0ED0A
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...|..........." ..0.............~.... ... ....... .......................`......}.....`.................................+...O.... ...................)...@......P...T............................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................_.......H........@...................+...........................................0..........r...p..("...-..*.*.~....*....0..........(....,..*..(.....o#......&...*...................0...........(.......($...-..,..*.*.(....,.rO..p......%...%...(%...*..(&...*.(....,.rO..p......%...%...%...(%...*...('...*.(....,!rO..p......%...%...%...%...(%...*....((...*..,&(....,..rO..prO..p.(%...()...*..(*...*.*.(....,.rO..p......%...%...(%...*...(+...*.(....,.rO..p......%...%...%...(%...*....(,...*.(

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Memory.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):53528
                                                                                                                                                                                                                                Entropy (8bit):6.11573551997729
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:E5KyOGKfwrtkxJhyAKEnuQIV6wogO/2yNzZKHN38cW79zw:5yOGK2tkJLIWgO/nkMcWRzw
                                                                                                                                                                                                                                MD5:EF0F28A17A0FD7C96EA51FD33EFF9250
                                                                                                                                                                                                                                SHA1:DAEDEF754564CF5018F07783150969426332DBB9
                                                                                                                                                                                                                                SHA-256:B094D891A61AFFBF1604D68E0874891163D1DAFEE2E42F057BDC9A3A1E491F91
                                                                                                                                                                                                                                SHA-512:ED4318EAA0E687C7054A765E6D6D7F96229EB67452BD5BC7A4B2B7DA96C5C79866E62061CCFB574727D12B9B81E0471AFE1B617C0762DC0A5F375FFEBF2EAD7B
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....*r..........." ..0................. ........... ..............................\.....`.....................................O.......H................)..........d................................................ ............... ..H............text....... ...................... ..`.rsrc...H...........................@..@.reloc..............................@..B........................H........&..P............................................................z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z.*.*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.Http.Json.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):23848
                                                                                                                                                                                                                                Entropy (8bit):6.435076147032313
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:L2WTW4zen3QMGqL2YQWmFCWiYA6VFHRN7YkELRPR9zjOFR:rMN6YSeFClDQ9zKX
                                                                                                                                                                                                                                MD5:554931768B7F276CBBFF0B529BB1B352
                                                                                                                                                                                                                                SHA1:8241F2B99DAECEE8EE2462EF2ABBEDBBD59D0172
                                                                                                                                                                                                                                SHA-256:05551D3689B4F07B604785FC1EA1A640D3E14F03863E7345A4F5D06D60756854
                                                                                                                                                                                                                                SHA-512:F7B134CC235B0F7026076EB0E93F1BC969E4B5E8EE634EF213ED3430ECE768A1AEAE499FC9646F3E31466843A6CABCF60D7E1263E45F7A12A8ABBAAE9E042AEF
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............." ..0..*...........H... ...`....... ..............................[.....`.................................xH..O....`...............4..()..........\H............................................... ............... ..H............text....(... ...*.................. ..`.rsrc........`.......,..............@..@.reloc...............2..............@..B.................H......H....... !...&...................G........................................z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..(....*..z..z..z..z..z..z..z..z.*..zBSJB............v4.0.30319......l...L...#~..........#Strings............#US.........#GUID.......(...#Blob...........G..........3........).......D...).......?...[.......................,.....v.........

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.Http.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):60192
                                                                                                                                                                                                                                Entropy (8bit):6.3314327645097945
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:sbHsGmdWgXQjHe4Od9UGM2iPzh8v0xX/wSpP6qQWtEpw9za8:ssS+NdDM2iN8epS3WtEp4z3
                                                                                                                                                                                                                                MD5:0E5157B9B23BCEFBE65D25FF3E5BF83D
                                                                                                                                                                                                                                SHA1:8441CC06ACC4E3ED79DD71FA314D49624B9963E7
                                                                                                                                                                                                                                SHA-256:CC6E6DB25221ACEA5F911D92EF234C7929DF3C2B6A94295D69D2A147D4AC246C
                                                                                                                                                                                                                                SHA-512:90A6530F2A3B3C3FB8DD564DD41DEF0E28A9972B4B25C3C1BDEB6972D300343165F41436F4689C79C0C16754B3434B9E81A25EDE88360B0EFD577894A5C8B376
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...`............." ..0.................. ........... ....................... ...........`.....................................O.......X............... )..........d................................................ ............... ..H............text....... ...................... ..`.rsrc...X...........................@..@.reloc..............................@..B........................H........*................................................................(....*..(....*..z..z.*..z..z..z..(....*..(....*..z.*.*..z..z"..(....*..z"..(....*"..(....*"..(....*..z.*..z.*..z..z.*..z.*..z.*..z.*.*..z..z..z..z.*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..(....*..z.*..z.*..z.*..z.*..z..z.*..z.*..z..z.*..z.*..z.*..z.*..z.*..z.*..z.*..z..z.*..z.*..z.*..z..z..z..z.*..z.*..z.*.*..z..z..(?...*.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.HttpListener.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):25896
                                                                                                                                                                                                                                Entropy (8bit):6.449577938766176
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:EDQDHOtakgRQa9hdcQZEYMtsm5Acp+Sk9WHN6WrYA6VFHRN7fZjfYlORR9zI9:6QDmakgpWyEpP5Vp+4XFClheK9zM
                                                                                                                                                                                                                                MD5:014FEEE6A271EA87F2EE2729A68DDEC3
                                                                                                                                                                                                                                SHA1:FF89BF364F12C7F924E334F63D6B080D68CAE180
                                                                                                                                                                                                                                SHA-256:61444215DB4F4DF21E875B181DD0FDE3C72873E61B6AA5DD222EEF845EB82033
                                                                                                                                                                                                                                SHA-512:05EF5C2E34091F4B43D831DC6355998C99B4C6F4DAF334102CAB22D09797490C24F6E4A5FE8D6844DCB2D9F485F38064F872814215F80CD2A5496DC08577571F
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....."..........." ..0..2..........jP... ...`....... ....................................`..................................P..O....`...............<..()...........O............................................... ............... ..H............text...p0... ...2.................. ..`.rsrc........`.......4..............@..@.reloc...............:..............@..B................LP......H.......$"..X-..................|O........................................(....*..z.*..z.*..z..z.*..z.*..z.*..z..z..z..z.*..z..z.*.*..z.*..z..z..z.*.*.*"..(....*..z..(....*..z..z..z..z..z..z..z..(....*..(....*..(....*..(....*..z..(....*..z..z..z.*.*..z.*.*..z..z..z..(....*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..(....*..z.*..z.*..z.*..z.*..z.*..z.*..z..z.*..z.*..z.*..z.*..z.*.*.*.*.*.*.*.*.*.*.*..(....*..z.*..z.*..z.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.Mail.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):32024
                                                                                                                                                                                                                                Entropy (8bit):6.368386501956471
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:qDgovauLwDujlMXub5GJIfj6ZISWlke9zH29:mgovaAeeYIfmZISWlkazS
                                                                                                                                                                                                                                MD5:5D401D6CAAD2D2106106BA486C3BE3E9
                                                                                                                                                                                                                                SHA1:3AF75BB027E89987DEF7FBC3565EC0BF8C5ACCA7
                                                                                                                                                                                                                                SHA-256:E45EC884D6B2BC2C1BE029205EA70E75CD6B2DA2EA68A433037A873436AEB5C3
                                                                                                                                                                                                                                SHA-512:7BE00F93F20CE0F1B5AFEA2B1F6939673F72E4B011F883E606CF397B00A99E60904C92A6DBCB2542C657228429F98C3535CA6E1D3E4342018FCCD8A435800C28
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..J...........i... ........... ..............................2.....`.................................4i..O.......X............T...)...........i............................................... ............... ..H............text....I... ...J.................. ..`.rsrc...X............L..............@..@.reloc...............R..............@..B................hi......H........#...D...................h........................................(....*..(....*..z.*..z.*..z.*..z.*..z.*..z..z.*..z.*..z..z..z..(....*..(....*..z.*..z.*..z.*..z.*..z..z..z..z"..(G...*"..(G...*"..(G...*"..(G...*"..(G...*"..(G...*..z.*..z..z..z..z.*..(....*.*.*.*.*.*"..(G...*"..(G...*"..(G...*"..(G...*"..(G...*"..(G...*..z..z.*..z.*..z..z..z..(....*..(....*..(....*..(....*..(....*..(....*..z.*..z..z.*..z.*.*.*..(....*.*.*.*.*.*"..(G...*"..(G...*"..(G...*"..(G...*"..(G.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.NameResolution.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):18200
                                                                                                                                                                                                                                Entropy (8bit):6.657836938351909
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:Pam6YmBdKgtxDA62f+Wko1WfWxNzx95jmHnhWgN7agWgkxwVIX01k9z3AXatrb:Pamp6dKgXlq+Wko1WAX6HRN7SR9zEKrb
                                                                                                                                                                                                                                MD5:31493FD653E19404ACC79EDF7BA27E53
                                                                                                                                                                                                                                SHA1:4F82742C235831BC90FD4836194215E9565A2C5A
                                                                                                                                                                                                                                SHA-256:93BB2CE07969AC8C438D6F953316A2FE8F07733EC1E047E1F0B149E6F2A47315
                                                                                                                                                                                                                                SHA-512:3B6B6E42B7B53CBE969D38C8D4469B77FE464777411150158A9038D7A26141646DB5681E651E3A0F16AA533685C707C7E61E2CE241E68EA915604D769C45B2D2
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....f..........." ..0..............2... ...@....... ...............................+....`.................................t2..O....@...................)...`......X2............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................2......H........ .. ....................1........................................z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..(....*..z.*..z.*..z.*...BSJB............v4.0.30319......l.......#~......<...#Strings............#US.........#GUID.......L...#Blob...........G..........3................!...............*.........................0.......................................[.......y.....y...,.N...#.......y.....y.....y...B.y..._.y.....y.....y.........

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.NetworkInformation.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):34104
                                                                                                                                                                                                                                Entropy (8bit):6.325893262205253
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:wHL8Mes65dBNUsjmii/Dlj6enp1hMSBdLBUN7WpB+WNX6HRN7yoJR9zgKA:Ay0+m9ZjRCwBv9W99zM
                                                                                                                                                                                                                                MD5:E99C7AD088527D5019EA62CD0D6D8267
                                                                                                                                                                                                                                SHA1:13CEE4BE21F0918B766C8FE7B89A2258974DB73E
                                                                                                                                                                                                                                SHA-256:AC576014D1B9150DE6D9B83973F0485706DFC5EC17725A9D31EB413649756693
                                                                                                                                                                                                                                SHA-512:D421C861415540BD86494340337A7C2D7974D91ADDB9C67747672B645A11302457555206876278BF96C7BC97FF976EDED53FE483EB930D83BEC46F6D37EE10D1
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....)..........." ..0..R..........&p... ........... ....................................`..................................o..O....................\..8)...........o............................................... ............... ..H............text...,P... ...R.................. ..`.rsrc................T..............@..@.reloc...............Z..............@..B.................p......H........"..4M..................8o........................................(....*..(....*..z..z..z.*.*..z.*..z..z..z..(....*..(....*..(....*..(....*..z..z..z.*.*..z.*..z..z..z..(....*..z..z..z..z..z..(....*..(....*..(....*..(....*..(....*..(....*..z..(J...*..(....*..z..z..z.*.*..z.*..z..z..z..(....*..z..(....*.*.*.*.*.*..(....*..(....*..(....*..z..(....*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..(....*..z..z..z..z..z..z..z..z..(....*..(....*..(....*..(J...*..z..(....

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.Ping.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):20776
                                                                                                                                                                                                                                Entropy (8bit):6.537851875179542
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:GYojxGwgABojKEGpBRoLmbOEESYWxjkWMYA6VFHRN7U99WR9zB8k:G5RDbXEUuFClt9zB
                                                                                                                                                                                                                                MD5:290B6962C04F69D671D692DDB90899A3
                                                                                                                                                                                                                                SHA1:E70F60523B1A5ED5DF2DED7F26EE21255282901D
                                                                                                                                                                                                                                SHA-256:BC6D111158BA64CCFD97EA17385138BA4C0D558E496702F925670C5517F67C8A
                                                                                                                                                                                                                                SHA-512:6536C531831AE0A3C34F0C220F2853B13E2639F307D5380DC7BE4DDA780C52B02E0E25B3292687ED7066EA7EF55034AF47A6948895A5B141C7F3BC61C17C7EC0
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...2............." ..0..............<... ...@....... .............................../....`..................................;..O....@..X............(..()...`.......;............................................... ............... ..H............text... .... ...................... ..`.rsrc...X....@....... ..............@..@.reloc.......`.......&..............@..B.................;......H........!..$...................,;........................................(....*.*.*.*.*..z..z..z..z..z..z..z..z..z..z.*.*.*.*.*.*.*.*.*..z..z..z..z..z..z..z..z..z..z*....(....*..z..(....*..(....*..(....*..(....*..(....*..z.*..z.*..(....*..z..z..z..z..z...BSJB............v4.0.30319......l.......#~......p...#Strings....l.......#US.p.......#GUID...........#Blob...........W..........3........'...........7...l...........=...........................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.Primitives.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):36136
                                                                                                                                                                                                                                Entropy (8bit):6.4480066359744
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:uMV292308yMbIYSGTpmGleL5cVMOl1uFClqK9zF:QE30J4NmGle1cVMOl1qiJzF
                                                                                                                                                                                                                                MD5:DD67A21E24B1C3BA58F2440A71948DF8
                                                                                                                                                                                                                                SHA1:926BF971ACA9A854031767538E2C9AB18D5451AC
                                                                                                                                                                                                                                SHA-256:2C9723F1AF44CECA68B9C92DD51789D5F2508ADBC41E107149AC266BAEA09FE4
                                                                                                                                                                                                                                SHA-512:94A21F27CDE2BD66F12A104FE3E8C1D3F1B23A0A2C7614308F6F9BF0160CC8E607453887E1F263A2ED4750CF27EFC1EAED820783CB4BFFE1BD6F2E296552AE8D
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....P..........." ..0..Z..........ry... ........... ..............................@_....`................................. y..O....................d..()...........y............................................... ............... ..H............text...xY... ...Z.................. ..`.rsrc................\..............@..@.reloc...............b..............@..B................Ty......H........#...T...................x......................................"..(+...*"..(+...*..(,...*..(,...*..(,...*..(,...*..z.*..z.*..z.*..z.*..z.*..z.*..z.*..z.*..z.*..z.*..z.*..z..z.*..z.*..z..z..z..(,...*..z..z..z..z..z..z.*.*.*..z.*.*..z..z..z..(,...*..(,...*..(,...*..z.*..z..z.*..z.*.*.*.*.*..z..z..z.*..(-...*..(-...*.*.*..(,...*..z..z.*.*..z..z..z.*.*..(^...*..(^...*..z..z..z..z..z..z..(,...*..z..z..z..(,...*..(,...*..(,...*..(,...*..(,...*..z.*..z..z..z..z..z..z..z..z.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.Quic.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):22312
                                                                                                                                                                                                                                Entropy (8bit):6.582987376151981
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:tsqbB+FnGdbyG4IZv/WvtKWUYA6VFHRN7MYlORR9zINX9:2qbBIyaAFCljK9zkN
                                                                                                                                                                                                                                MD5:ECD025669C4A2AF92B74FC2007458BD5
                                                                                                                                                                                                                                SHA1:03A05267A70C898133D7CB6DE305CBB460FBA215
                                                                                                                                                                                                                                SHA-256:D1EDE4E5B26988ACE9A902D09BB24685CB29FB7F8E1DAC5F823945EB7F3026BB
                                                                                                                                                                                                                                SHA-512:7D55AD0E94EFF755DBB88CCF684D6DB8F6492407426CA6E9C93DFEEAF167B40CB03E0DA47B33BCA40E710AEA22BF77BB4188434329B230DEE83C5AB0F8838CAE
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..$...........C... ...`....... ....................................`.................................\C..O....`..X...............()..........@C............................................... ............... ..H............text....#... ...$.................. ..`.rsrc...X....`.......&..............@..@.reloc...............,..............@..B.................C......H.......|!..D!...................B........................................(....*..z.*..z.*..z.*..(....*..z..z..z..z..z..z..z..z..z..z..z..z..(....*..z.*..z.*..z.*..z.*..z.*..(....*..z..z..z..(....*..z..z..z..z..z..z..(....*..z.*..z.*..z.*..z.*..(....*..z.*..(....*..z..z..z..z..z..z..z.*..z..z.*..z..z..z.*.*..z..z.*.*..z..z.*.*..z..z..z..z..z..z..z.*..z.*.*..z..z..z.*...BSJB............v4.0.30319......l.......#~......l...#Strings............#US.........#GUID.......D...#Blob...

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.Requests.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):37680
                                                                                                                                                                                                                                Entropy (8bit):6.368866216178921
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:9aQng8bsHrIVcBQZVvOTvH+p0ohYtgR/bQuWrds9za:9voLaHy7ZBuWrdkza
                                                                                                                                                                                                                                MD5:B7896E5150803E93A3AE47A9E0AC8F66
                                                                                                                                                                                                                                SHA1:9AAC7829C6D3C583FD42E038EA0002D4C8D8E18E
                                                                                                                                                                                                                                SHA-256:487CF5E7E8C2A657504B2B8F8E939C8F58E16B369A4049E3B5FBD0F562E4F4AB
                                                                                                                                                                                                                                SHA-512:23941F02069CB5408B11BDF505F2C42BE09FAFA92908575E932F2578BCECA2A17294A38273C9589EEA76B0CD6830F21307CCD0EC08A242553E5C2DBEDB2D7ABE
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L... .E..........." ..0..`............... ........... ...................................`.................................|...O.......x............j..0)..........`................................................ ............... ..H............text...._... ...`.................. ..`.rsrc...x............b..............@..@.reloc...............h..............@..B........................H........$..XZ...................~........................................(....*..z.*..z..z..z..z.*.*.*..(....*..(....*..(....*..z..z..z..z.*..z.*..(....*..z.*..z.*..z.*..z.*..z..z.*..z.*..z.*..z..z.*..z.*.*..z..z..z..z.*..z..z..z..z.*..(M...*..z..z..z..z..z.*.*..z.*..(....*..z.*..z.*..z.*..z.*..z.*..z.*..z.*..z.*..z.*..z.*..z.*..z.*..z.*..z.*..z.*..z..z..z.*..z.*..z.*..z.*.*..z..z..z..z..z..z..(M...*..z..z..z..z..z..z..z..z..z..z.*..z..(....*..z.*..z..(....*..z.*..z..z.*..z.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.Security.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):53016
                                                                                                                                                                                                                                Entropy (8bit):6.496227608007125
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:9+2niGe48ueHkf2q6gdD0Pxm+6W9e9zH9:9+2niGV8zH/qRyX6W9azd
                                                                                                                                                                                                                                MD5:016FB24BC02F9CC6B22BA26AD0786D0F
                                                                                                                                                                                                                                SHA1:26EB6AC036E66B85FE908B3665A6AD2DA469B692
                                                                                                                                                                                                                                SHA-256:B09BB0D5442BA63DA50F68D79917364D9A44E31D842D8EBEC2B93AEE594D1C30
                                                                                                                                                                                                                                SHA-512:B104FBAB7921C85502E4DB493CF5782ED5B0F178055F59BE529246F89B94A0D39AC6E356CB4DB1811E69387916063E66FC6976AA66DA912EFBF5C013D596CF96
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....6}..........." ..0................. ........... ...............................X....`.....................................O.......x................)........................................................... ............... ..H............text........ ...................... ..`.rsrc...x...........................@..@.reloc..............................@..B.......................H.......L$................................................................(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..z..z..z..z..z.*..z..(....*..z..z..z..( ...*..z..z.*..z..(....*..z..(....*..(....*..z..z..z..z..z..z..z..z..z..z.*..z..z..z..z..z..(....*..z.*..z.*..z.*..z.*..z.*..z.*..z.*..(....*..z.*..z.*..z.*..z.*..z.*..z.*&...(....*&...(....*..z..z..z..z..z..z..z..z..z..z..z..z.*..z.*..z..z.*.*.*.*.*.*..z..z..z..z

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.ServicePoint.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):20248
                                                                                                                                                                                                                                Entropy (8bit):6.55469427567922
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:VCms+xPBa2MwW+4FW/CLX6HRN75R9zEQra:0f+xSXjWz9za
                                                                                                                                                                                                                                MD5:74266D48223CE8A9389065C354432610
                                                                                                                                                                                                                                SHA1:E25DFD2F2CFAA18AC522C44CF665A331D671C10C
                                                                                                                                                                                                                                SHA-256:01461F95272ABEA3079CB5D2FEF91EB6751503EAAF4338949BEA6D4A8AB2CAB6
                                                                                                                                                                                                                                SHA-512:E50814F90572891F7144009CF66EDA349312ED9C9BE487FA3AA6C1E7D8DBD2DF5D250C13C2493D623E81898EA3116F0D1EACD0140CAD6330897B6280B0AF8AA9
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...J.~..........." ..0..............:... ...@....... ..............................>$....`..................................9..O....@...............&...)...`.......9............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`.......$..............@..B.................9......H........ ..,....................9........................................(....*..z..z.*..z..z..z.*..z.*..z..z..z.*..z..z.*..z..z.*..z..z.*..z.*..(....*..z.*..z.*..z.*..z.*..z..z.*..z.*..z.*..z.*..z.*..z.*..z.*..z..z..z.*...BSJB............v4.0.30319......l.......#~......P...#Strings....l.......#US.p.......#GUID...........#Blob...........W..........3........$...........9...*...........-...........-.........................+.....+.........K.......P...].+.................[.....

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.Sockets.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):47912
                                                                                                                                                                                                                                Entropy (8bit):6.283889399506109
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:39Ya2Yofp937bgMz2wWGG3XdYYXdzeqK7YYwDw9k10ku2AZxXMuqhgceZxaZIFCN:6a2Yofp937bgMz+3XdYYXdGmDP10UAvC
                                                                                                                                                                                                                                MD5:89DFE16497AB6DFB4C3E54D448695409
                                                                                                                                                                                                                                SHA1:7B2238CEDA5C7D11E604F992E3E5E481F7F0841D
                                                                                                                                                                                                                                SHA-256:8F05870F2327216D0E13A9218F035B5C3D5BD129B7312C5C9C4A6A47F923740C
                                                                                                                                                                                                                                SHA-512:330B3E0EDE5A6A8C768C37EFDA9FDEE2A28437AA9AB7EBFF6DF2CBB10BA9E74F18FE8B19617101CF8F9FD742CAE2C0A6C65F13E67D1FBB6616CB25EE0B658D35
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.../.J..........." ..0.............v.... ........... ...............................u....`.................................$...O.......x...............()........................................................... ............... ..H............text...|.... ...................... ..`.rsrc...x...........................@..@.reloc..............................@..B................X.......H.......<'..L~............................................................z..z..z..z..z..z..z..( ...*..( ...*..z.*..z.*..( ...*..z.*..z.*..z..z..( ...*..( ...*..( ...*..z.*..z.*..z.*..(!...*..(!...*..(!...*..(!...*..z..z..z..z..z..z..z.*..z.*..z.*..z..z.*..z.*..z..z.*.*.*..z.*....0.............(.....*...................*..z..z..z..z..z..z..z.*.*.*..z..z.*"..("...*"..("...*..z..z..( ...*..( ...*..( ...*..( ...*..( ...*..( ...*..( ...*..( ...*..( ...*..( ...*..( ...*..( ...*..(

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.WebClient.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):27936
                                                                                                                                                                                                                                Entropy (8bit):6.457833245381811
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:gyBQz4jXyQ2ExCyG9hJaArAUAPCEB6azDW/wtWeWYA6VFHRN75pGR9zqA8+:DBQoyQc9h0BUAK3mHlWFCl5Y9zf8+
                                                                                                                                                                                                                                MD5:40A800196A65B5048E31F42DA11E37DF
                                                                                                                                                                                                                                SHA1:006AFAAC5A1D23C4886423F05CC2EF3DB0D473C0
                                                                                                                                                                                                                                SHA-256:017AE4CFB8515397D1023187AC72B46F2630AC1FF6F9A94B7F1A3085BBE2929B
                                                                                                                                                                                                                                SHA-512:33AF99E2E3E1B9D11B0D7680DB0CBABB51E416DA51D718F7EAB316C08D1234DD4779D377F765C76C4C0E04BB1217C17210EB7F4B666430043E4621FB0BEA9190
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..:...........Y... ...`....... ...............................(....`..................................Y..O....`...............D.. )..........hY............................................... ............... ..H............text....9... ...:.................. ..`.rsrc........`.......<..............@..@.reloc...............B..............@..B.................Y......H.......X"...6...................X......................................*....(....*..z&...(....*..z..z*....(....*..z*....(....*..z*....(....*..z*....(....*..z*....(....*..z&...(....*..z..z..z..z*....(....*..z*....(....*..z..(....*..z.*..z.*..z.*..z.*..z.*..z.*..z.*..z..z.*..z.*..z..z.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*..z..z.*.*..z..z.*.*.*.*..z..z..z..z.*.*..z..z..z..z..z.*.*.*.*.*.*.*.*.*.*.*.*..z..z.*.*..z..z..z..z..z..z.*.*.*..z..z..z..z..z..z..z..z.*.*.*.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.WebHeaderCollection.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):19744
                                                                                                                                                                                                                                Entropy (8bit):6.596645319744449
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:HIVEJOUaQ4Cpw8SOzWJIlWdFX6HRN7TPEpcR9z0BZn:oVEJ8QW/k2lWzEpw9za9
                                                                                                                                                                                                                                MD5:34FD6DF5647C5561805FE96BBF48D60B
                                                                                                                                                                                                                                SHA1:F22865E91E760E68346ED501D1EDA1DCF291E130
                                                                                                                                                                                                                                SHA-256:1FB76E400CCD68F5D9A0370AB85DD42AA3BF45712C94CDBEA4012C98C44F2F88
                                                                                                                                                                                                                                SHA-512:2191069C2F88176A6D49E3FEAE6C8CCB15699F0C7E07FD5BC6ED2E1F3B66345E41F20E9AB16DD555520656868974397BE25C4E00B8EC6A5741B0AB1D05526971
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............j8... ...@....... ..............................L.....`..................................8..O....@...............$.. )...`.......7............................................... ............... ..H............text...p.... ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B................L8......H........ ......................|7........................................(....*..(....*..z..z..z.*..z.*..z.*.*.*.*.*.*..z..z..z..z.*..z..z..z..z.*.*.*.*.*.*.*.*..z..z.BSJB............v4.0.30319......l.......#~..H.......#Strings............#US.........#GUID...........#Blob...........W..........3........".......I..."...)...........G.........................................................d.........O.^...........f.....f...i.......f...N.f.....f...h.f.....f...5.f...&.f...........

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.WebProxy.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):18216
                                                                                                                                                                                                                                Entropy (8bit):6.701565979278434
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:TwVbmCA3WpvwW3YA6VFHRN7NzYMTR9zUZTPn:5+hFCleg9zC
                                                                                                                                                                                                                                MD5:1D82C8D533B7FF6922C72AE963724404
                                                                                                                                                                                                                                SHA1:6BFA201F258A85C357FF987980A71172C98378BB
                                                                                                                                                                                                                                SHA-256:00CE76F2C79194803B22467333F0C9C14097BC9E7D782242FEF8457A6DB8EF41
                                                                                                                                                                                                                                SHA-512:0D195E023659DE860F5AA7200BF8A16970AA33967CEA6AF1D85400329B2F1E8EEFB55C7E80076058CE4FC1A03CBECA559827E9F048EF07AB2024D0105C63D40B
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...j.o..........." ..0..............3... ...@....... ..............................vQ....`.................................p3..O....@..x...............()...`......T3............................................... ............... ..H............text........ ...................... ..`.rsrc...x....@......................@..@.reloc.......`......................@..B.................3......H........ .......................2........................................(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..z.*..z..z.*..z.*..z.*..z.*..z.*..z..z.*...BSJB............v4.0.30319......l...x...#~..........#Strings............#US.........#GUID....... ...#Blob...........G..........3........#...........)...........0.............................W...........................%...........s...................s.....................D...

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.WebSockets.Client.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):19768
                                                                                                                                                                                                                                Entropy (8bit):6.630885657044318
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:db1aPCS8Vb831xbuVW/oFWnC0X6HRN75mD9WR9zB3UNGai:vaPQJd8W5mM9z1Ug
                                                                                                                                                                                                                                MD5:AA6EDB1CD55077458AB2CAD573234422
                                                                                                                                                                                                                                SHA1:95DA6C28E20B54A140122BDBB4C65B42E9CAF692
                                                                                                                                                                                                                                SHA-256:023F6C6827D54B5C0C7B8214B2D76B4EA9D4F3EF9B5692A1CFB303B4B80CD785
                                                                                                                                                                                                                                SHA-512:D13143397549D83541C9319499561CE3177F131D8C0FAF99AC93D0ACB5712B74F76CF1A28E2E596438B2633D3A12FF9426FE434B5F5803E3BC1D5E437A7B50E0
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...$............" ..0..............8... ...@....... ..............................M#....`.................................|8..O....@...............$..8)...`......`8............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B.................8......H........ .......................7........................................(....*..z..z..z..z.*..z..z..z.*..z..z..z..z.*..z..z..z..z..z..(....*..z.*..z.*..z.*..z.*..z.*..z.*..z.*..z.*..z.*..z.*..z.*.*.*.*.*...BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID.......P...#Blob...........G..........3........4......./...2.......?.........................>.........a.....4.....V.......................<.....+.....................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.WebSockets.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):22792
                                                                                                                                                                                                                                Entropy (8bit):6.51538305070773
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:s+qVVBPKCpa65WarkrWtdKW5YA6VFHRN7OMSkR9zEYrmsy:TqVVI18rVFClOMSI9zq
                                                                                                                                                                                                                                MD5:EF30FB99AE796D13C9C6A8D216B46D74
                                                                                                                                                                                                                                SHA1:3D92A9468DB2E8B6D741ABB3867BAB7F9A8487F5
                                                                                                                                                                                                                                SHA-256:0CA0EE5371BAED08C60C95B1E58025E3228F2FD41E5A754497E10A2CA7B16EA5
                                                                                                                                                                                                                                SHA-512:EA111F8F80D9492661C65DD26E08073659447C252E4E2348C7BD96C1826C0E0C5E63E7607D0B90C5050D57B5448D7E98441227482FDAA3B878DDBEA32C458C1B
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....!..........." ..0..&..........^D... ...`....... ..............................Z]....`..................................D..O....`...............0...)...........C............................................... ............... ..H............text...d$... ...&.................. ..`.rsrc........`.......(..............@..@.reloc..............................@..B................@D......H.......`!..."..................pC........................................z..z..z..z..(....*..z..z..z..z..z..z..z..z..z.*..z..z.*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..z..z.*..(....*..(....*..z..z..z..z..z..z.*..z.*..z.*..z.*..(....*..z.*..z.*..z.*..z.*..(....*BSJB............v4.0.30319......l.......#~..\...t...#Strings............#US.........#GUID.......,...#Blob...........W..........3........

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Net.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):17688
                                                                                                                                                                                                                                Entropy (8bit):6.619310311563334
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:m313DLE8RCWovVaWWdX6HRN7IOO2IR9zJgIV:S13Dq+WLhU9z9
                                                                                                                                                                                                                                MD5:E1BDFB0A3C2077F217E94626A9C84D37
                                                                                                                                                                                                                                SHA1:4485FA68954A681EAB2A6C6BB5006645AA63FB39
                                                                                                                                                                                                                                SHA-256:18A45C63385C3F59BD8A503939E2E5C7CD327E2C03219A550E016D6A7CFEF468
                                                                                                                                                                                                                                SHA-512:8D004D51503A92DC1878853DCD028D7865F22392FE194DEE0CEF6DF0B0A0E040BD2F4D33F4F0524DCB130E39359AF9506A6D0F894CE3D6FD16AA54A2CC67C61A
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....g............" ..0..............1... ...@....... ...............................#....`..................................0..O....@..8................)...`......./..T............................................ ............... ..H............text...$.... ...................... ..`.rsrc...8....@......................@..@.reloc.......`......................@..B.................0......H.......P ..$...................t/......................................BSJB............v4.0.30319......l.......#~..|.......#Strings............#US.........#GUID...........#Blob......................3................................6.....x.........................../.......L.................................p...........................................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.C...+.Y...3.o...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Numerics.Vectors.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):41256
                                                                                                                                                                                                                                Entropy (8bit):6.158089086991519
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:G+7Qi0DLe1jFPUdPYHKXmXnAOKQ/Fhw2mDL7kkiJ2QWa0BWEgYA6VFHRN70YlORB:rQs1xaGA/eFhwBLYkiJALgFCl7K9zS9k
                                                                                                                                                                                                                                MD5:11132FA6A260E51EF6406C07D755FE6E
                                                                                                                                                                                                                                SHA1:4C36C62DF19068B38170AD0D0BFE7E697DB3B01D
                                                                                                                                                                                                                                SHA-256:798C9A8444EB00E0865E172EF7668D804C801663D89B3657EBE95AB5D3B9D61C
                                                                                                                                                                                                                                SHA-512:C9DC967B9B5D08CD6239A882865E680833A217F051BC8982B9E0824F484B85B83B32C8DB68A06B3B0FBAEFB4BC0630BCBC1FBA9BF35CA944C0CF4F3D300B0380
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....T_..........." ..0..n..........R.... ........... ...............................`....`.....................................O....................x..().......................................................... ............... ..H............text...Xm... ...n.................. ..`.rsrc................p..............@..@.reloc...............v..............@..B................4.......H........&...e..................d.........................................z..z..z..z..z..z.*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z.*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Numerics.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15624
                                                                                                                                                                                                                                Entropy (8bit):6.743391402121608
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:sF7xIOUCtWeQNW4pWjA6Kr4PFHnhWgN7acWOedNx6RMySX01k9z3AcyNaxQGEHo:K1fWeQNW4YA6VFHRN7edGMR9zPyr5Ho
                                                                                                                                                                                                                                MD5:C9FC19DB9FE74066786403B4829EC5CE
                                                                                                                                                                                                                                SHA1:12240200EC9DC0A64B141761DD2ECF7CCF4D4480
                                                                                                                                                                                                                                SHA-256:8CECA85D001CFBF974FA37ED8C64CF97B619DCA942501EFCF22D4F369BA42292
                                                                                                                                                                                                                                SHA-512:3FD206570AB29DAC923CAA7E1FBB32AE855D7814559534637EC381412CAD6AFB89FBAB99BDA21BBBA975554ECF5955B60D2129F5DECB50D70477E1A4BEC7A18F
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...9.(..........." ..0.............^)... ...@....... ..............................+.....`..................................)..O....@..X................)...`......,(..T............................................ ............... ..H............text...d.... ...................... ..`.rsrc...X....@......................@..@.reloc.......`......................@..B................?)......H.......P ..\....................'......................................BSJB............v4.0.30319......l...8...#~..........#Strings....\.......#US.`.......#GUID...p.......#Blob......................3................................................'.f.....f...e.S...............K...........{...........`.......................G.....y.......-...........%.....%.....%...).%...1.%...9.%...A.%...I.%...Q.%...Y.%...a.%...i.%...q.%...y.%.......:.....C.....b...#.k...+.....+.....3.....;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.ObjectModel.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):23848
                                                                                                                                                                                                                                Entropy (8bit):6.473138772881123
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:18wZ7Aapa9ac8k6a4LtEm7XYDh0pWSoOXWwYA6VFHRN7DwIBHR9zQczHi:18iUA03UaKnFClhf9z7bi
                                                                                                                                                                                                                                MD5:EC89382D6256AEA43BE471FDB3CAB966
                                                                                                                                                                                                                                SHA1:E1D25043BADAE2442905B190728BF8D963A75050
                                                                                                                                                                                                                                SHA-256:A3D550F01B46F55A164C076F0F36E2733413F1369D553C578DCEA508F36C3A09
                                                                                                                                                                                                                                SHA-512:2EF196B8BEE87905FB63F0D5510B1116D673DE6082BCD498DE70F474F219626612C33237043AC7B5D4CDCD5CA8D02E3DF37B739E3A98A76FF5DEDD6CB0AA5ADF
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A............." ..0..*..........>H... ...`....... ....................................`..................................G..O....`..x............4..()...........G............................................... ............... ..H............text...D(... ...*.................. ..`.rsrc...x....`.......,..............@..@.reloc...............2..............@..B................ H......H........!...%..................PG........................................(....*..(....*..z..z..(....*..z..(....*..z..(....*..z..(....*..(....*..(....*..z..z..z..(....*..(....*..z..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..z..z..z..z..z..(....*..(....*..(....*..z..z..z.*.*..z.*..z.*.*..z..(....*..(....*..(....*.*.*.*.*.*.*..z.*.*.*.*.*.*.*.*.*"..(....*..z.*.*.*.*.*.*.*.*.*.*.BSJB............v4.0.30319......l.......#~..t.......#Str

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Reflection.DispatchProxy.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16168
                                                                                                                                                                                                                                Entropy (8bit):6.774139177733172
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:YHC3Wln4WqYA6VFHRN7tktzxIPaR9zEMD:MCSMFClatzxOW9zRD
                                                                                                                                                                                                                                MD5:46BBB1D74F045D7869781C2FE6FF4694
                                                                                                                                                                                                                                SHA1:B3602372CDE32897AA1EB3AB753C073F9C759D63
                                                                                                                                                                                                                                SHA-256:1ABAA1121D00233B76CBC605501BBD75DE21D199FB02611C2F1A9FBBABCBA30E
                                                                                                                                                                                                                                SHA-512:7C879D3F756A4212EE35F402271833796F3FE0CF1AEF22BAEFDC3A5B07B95BE455FB23EBBF697A8CB063AB770EFDD51A8F7F86C3D83710108F5FCE0700131822
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....v............" ..0.............F+... ...@....... ....................................`..................................*..O....@..................()...`.......*............................................... ............... ..H............text...L.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................(+......H.......` ......................X*........................................(....*..z..z..BSJB............v4.0.30319......l.......#~..<.......#Strings............#US.........#GUID...........#Blob...........G..........3............................................................q.....h...........!.................N.....;...........O.........................................Y.....3.................t.....h.T...0.T.....T...B...............................U.....P ............X ......

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Reflection.Emit.ILGeneration.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):20776
                                                                                                                                                                                                                                Entropy (8bit):6.564231934513009
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:VtVGMPMHs+SAuWuWVTUWcAYA6VFHRN72C49WR9zBG:P0uMM+SABheAFCl2w9z8
                                                                                                                                                                                                                                MD5:A68A614FFD71C1FDE6AD1C2B28AA6FF1
                                                                                                                                                                                                                                SHA1:B2E209B8C6FFC64B12BC3F5F10F33ABD2FA8C6D0
                                                                                                                                                                                                                                SHA-256:F759E2D97F95ADB43BA041B323DC2368378BD638B51C1B619B292F387F6A7680
                                                                                                                                                                                                                                SHA-512:23D8332235101583163787677FA8CB36A3AFF38BC665F3BC0565E108A35C1D812A6C4A7BF19C54FDC8941248D6B640588D9B6162291A99AC3DF239340E17A713
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...d.9..........." ..0..............=... ...@....... ..............................w*....`..................................<..O....@...............(..()...`.......<............................................... ............... ..H............text........ ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......&..............@..B.................<......H........!..$...................$<........................................(....*..(....*..(....*..(....*..(....*..z.*.*.*.*.*..z..z..z..z..z..(....*..z..z..z..(....*..z..z..z..z..z..z.*.*.*..(....*.*.*.*.*.*..z..z..z..z..z..z..z..z..z..z..z..z..z..BSJB............v4.0.30319......l.......#~......X...#Strings....L.......#US.P.......#GUID...`.......#Blob...........W..........3........&...........R...~...........T.......................................h...........T...............

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Reflection.Emit.Lightweight.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):19752
                                                                                                                                                                                                                                Entropy (8bit):6.651723759048503
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:ly/+4NfQdBzZWxEVJWKYA6VFHRN7u5rgoJR9zgXy:4NfQdBDXFClmrf9zR
                                                                                                                                                                                                                                MD5:C5A509D006188E7C2931436BB6EBB3C6
                                                                                                                                                                                                                                SHA1:998A7D3E8D609B896B852AB73BC8CF1E7422471A
                                                                                                                                                                                                                                SHA-256:3B31FA2894F0C383D13896F42411D133027929D256779AE0F77D32D5C82ECDA1
                                                                                                                                                                                                                                SHA-512:827C50CEACDEACDF00CA772E73ABC2650C5077BCAA654266589A6EEA9ED5E404EFB5452B754612347259B7E852E7D34FB9B4D49248FB42B608B5E612BE8CB3C6
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............:9... ...@....... ...............................,....`..................................8..O....@...............$..()...`.......8............................................... ............... ..H............text...@.... ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B.................9......H........!..4...................L8........................................(....*..z..z..z..z..z..z..z..z..z.*.*.*.*.*.*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..z..z..z..z.*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z...BSJB............v4.0.30319......l...\...#~......4...#Strings............#US.........#GUID.......$...#Blob...........GU.........3........+.......5...N.......@.............................b.....................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Reflection.Emit.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):43296
                                                                                                                                                                                                                                Entropy (8bit):6.259805145518552
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:FWvEx7W8I7X+KXU+Q6BHyVHmxIIR4m5Jvlzj09FhlFClLwY9zD:FeEk8I7+gQ6BH8G3R4qRluJiLwQzD
                                                                                                                                                                                                                                MD5:8D45B9A077DC49D713B39D3AD7FF2960
                                                                                                                                                                                                                                SHA1:7C1B5F2332EFA887A6A2E21C47E8459C11BEF515
                                                                                                                                                                                                                                SHA-256:37B4C892C084F9D037830706B0173750216F5257B60309CDEB950D9BACD07E71
                                                                                                                                                                                                                                SHA-512:94C0F9821C307B2FD8F5FEFDC441D5654DEB9FFD64CD1A3AFE1E0479131E6EB79D9C304D2954413317D0E417AA3605EC877C3CC9A54C1E017027F9D177D03841
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....e..........." ..0..v............... ........... ..............................nV....`.....................................O....................... )........................................................... ............... ..H............text....u... ...v.................. ..`.rsrc................x..............@..@.reloc...............~..............@..B........................H........%...n..................$.........................................(....*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z.*.*..(....*..z..z..z..z.*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z.*.*.*..z..(....*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z.*.*..( ...*.*.*.*.*.*.*..(!...*..z..z.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Reflection.Extensions.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15656
                                                                                                                                                                                                                                Entropy (8bit):6.793667220027114
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:Vv8XzrxAlvUWKZWWGhpWjA6Kr4PFHnhWgN7aIWxn+EYHnsTX01k9z3A1Nmjl:VEDlAUWKZWWOYA6VFHRN7qpYMTR9zUc
                                                                                                                                                                                                                                MD5:92E0E5A63D25B9C3AE3983FD1B126A8D
                                                                                                                                                                                                                                SHA1:AF7095C2D4D58A19F205ACEF1019064905F44EF5
                                                                                                                                                                                                                                SHA-256:F006C1DF74494ED22ED0ACE97F4D3D1A8B2B5C65DE706D201B76146FDD5EA6EC
                                                                                                                                                                                                                                SHA-512:92A3F172F88E4BCE2B7651801D7FBDCC7C5BBFC242D60FD416EC6DDDADC4E0BB98ED24979B0FCB008B220D7EB93EE45C4DC39E4B030A4F9F23AEA94FC8ED82CC
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............z)... ...@....... ...............................=....`.................................%)..O....@..................()...`......,(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................Y)......H.......P ..\....................'......................................BSJB............v4.0.30319......l.......#~..(.......#Strings............#US.........#GUID...........#Blob......................3......................................................x.....3.....4.....^.................I....._.................w.................G...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Reflection.Metadata.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):120584
                                                                                                                                                                                                                                Entropy (8bit):6.392311287308853
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:yY1XNAoHWjl04zouWCcpPLr1LfurN0QKdhY4dPG8JnBybmwRlHnRnfm/4RykXUz0:yYT92yWvwmp0QKownBGnLpawek
                                                                                                                                                                                                                                MD5:256B8547DE491C57A2B7C894752DD00E
                                                                                                                                                                                                                                SHA1:2547580F42355C724D774E88E6D21401F0BA4E2D
                                                                                                                                                                                                                                SHA-256:F27272978701DEA04D79758B8956AF2AB2F5F64FC33261D8A792608040AAE5DE
                                                                                                                                                                                                                                SHA-512:DB53F7106E65B450B6CF5D72BA99B59714C56B072C1878107018A0D9AEF2B4330F5627763F6219EEDF606496618C8F4513CBFDFF9AA85E1D1A65FBA8AE8C3720
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....vX..........." ..0.............z.... ........... ....................... ............`.................................(...O........................)........................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................\.......H........5................................................................z..z..z..(=...*..z..z..z..z..z..z..z..(=...*..z..z..z..z..z..z..z..z..z..z..z..(=...*.*.*.*.*.*.*.*..z..z..z..z..z..z..z..z..z..z&...(1...*..z..z..z.*..z..z..(=...*..z..z..z..z..z..(=...*..z.*..z.*..z.*..z.*..z.*..z.*..z.*..z.*..z.*..z.*..z.*..z.*..z.*..z.*..z.*..(=...*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..(=...

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Reflection.Primitives.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):22320
                                                                                                                                                                                                                                Entropy (8bit):6.607249748468344
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:xWUwmiSB6Q+8gOalpPLdIpIDJMBfCWSx+WEX6HRN7DYMTR9zUr:Dwmixh8cjDWCdkUsWkg9zs
                                                                                                                                                                                                                                MD5:645D0F211539D4F81144257D50925574
                                                                                                                                                                                                                                SHA1:2A5E70A05753A0BFC88531E452DB4A9C91E6C24A
                                                                                                                                                                                                                                SHA-256:4C8C9FEEF4B64288AB538C6D7A4E5AD6C8A5E93AA111825718D12864BF3C26F0
                                                                                                                                                                                                                                SHA-512:8F602C2A0B6C8FF3E20202A486212B5A2CB41BE1AA6EAA31AC7C46AC1D0FAE2044D062C2AEBB9FDAD7AD88C9B867A5AC2677B60A400E7CFD17A2B38B3E8DBD46
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...I7..........." ..0..$..........zB... ...`....... ....................................`.................................(B..O....`..................0)...........B............................................... ............... ..H............text...."... ...$.................. ..`.rsrc........`.......&..............@..@.reloc...............,..............@..B................\B......H........ ...!...................A........................................z..z..z..z..z..z..z..z..z..z..z..z..z..z..(....*..z...BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID.......p...#Blob...........W..........3................/...................G.....................................W.........b.....I.....O.x...........&.........5.....,...........0...................................u.....J.............................c.............

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Reflection.TypeExtensions.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):19744
                                                                                                                                                                                                                                Entropy (8bit):6.59315794460953
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:kiLgm40726bCWmBeWOulX6HRN7y/7R9zj2Ik:dLgGBb4OkWyF9z6x
                                                                                                                                                                                                                                MD5:CB1AA01DDA3FFFA47ACDBB59086B1AD4
                                                                                                                                                                                                                                SHA1:295B4EBFEAA4C03DD5AFD62B1B169FB9E7C34269
                                                                                                                                                                                                                                SHA-256:AEF5FE0154CCB9D8D45B33E5ED720574CADDC2BC69CC36AA3A335572B5557C9D
                                                                                                                                                                                                                                SHA-512:F2A957A32E28993DF154DB66167E560847DDEE9860A66B95594955A1C0DEC5E8FAC90DD3FDECCA4C5A85EBDCC82184F84C3745448CE0FB8644C7EF82C2B4FE9F
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...d............." ..0.............F9... ...@....... ..............................o(....`..................................8..O....@...............$.. )...`.......8............................................... ............... ..H............text...L.... ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B................(9......H........ ..h...................X8........................................z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z.BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob...........G..........3........%.......5...t.........................e...............6.....-.....".k........._.K...............................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Reflection.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16664
                                                                                                                                                                                                                                Entropy (8bit):6.685947251423688
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:y+CkNQKYxA7qjWhFCW0WxNzx95jmHnhWgN7agWBBXLrp0KBQfX01k9z3AA7OfL:ytjXjWhFCWbX6HRN7oRxB+R9zpifL
                                                                                                                                                                                                                                MD5:6AD5CAD80276892BA4CC02B27E85BE12
                                                                                                                                                                                                                                SHA1:7333C6F4682AD9C77D9FC319DFA48372A5CA321A
                                                                                                                                                                                                                                SHA-256:ACD8F3EA0B145517E9DBE2D276B174DF4C7EBAAE28ABA62EE2303A8AFC83235F
                                                                                                                                                                                                                                SHA-512:5C010AC745B3DBB5D22149DC8C373B2ECC9D9EB38566714FF23119C4FB0BC03B4A49607DFC073DE5912DBD8B4583E80C1E528CD5710C1865CD1CD18CC7CC08C6
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............,... ...@....... ...............................T....`..................................,..O....@..h................)...`.......+..T............................................ ............... ..H............text........ ...................... ..`.rsrc...h....@......................@..@.reloc.......`......................@..B.................,......H.......P ......................4+......................................BSJB............v4.0.30319......l...l...#~......|...#Strings....T.......#US.X.......#GUID...h...|...#Blob......................3................................"...............M.............................q.6.../.6...........6.....6.....6.....6.....6...m.6.....6.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Resources.Reader.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15648
                                                                                                                                                                                                                                Entropy (8bit):6.7745107157816
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:nhDOxAmBW4+3W27WxNzx95jmHnhWgN7agWPDucADB6ZX01k9z3AqRariR:OfW4+3W2UX6HRN7EucTR9zlRarM
                                                                                                                                                                                                                                MD5:B60D236051B2ABCB66F74C4812223C62
                                                                                                                                                                                                                                SHA1:8786DC5545047F56D1C909265841212C203ACE2C
                                                                                                                                                                                                                                SHA-256:4EE54B35DE61268A3C9DB9A80DB5F005B49C134F5E9CEDCC0B31CDC2D120058C
                                                                                                                                                                                                                                SHA-512:93873F04B3C5B8F962DD376DD7A3B0672F85F086C5E8BA08478488740D8DCE9D77679B8524E210CCF4F2386D8CE5CDFFE17C2709C79897C7F477A6ACB4D59AA5
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...`5............" ..0..............)... ...@....... ....................................`..................................(..O....@.................. )...`.......'..T............................................ ............... ..H............text...$.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......P ......................\'......................................BSJB............v4.0.30319......l.......#~......h...#Strings....t.......#US.x.......#GUID...........#Blob......................3..................................................%...x.%...3.....V.....^.................I....._.................w.................G...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Resources.ResourceManager.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16136
                                                                                                                                                                                                                                Entropy (8bit):6.723144015881292
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:PaO9uvWV6zW+mYA6VFHRN7DgFDR9zTPUz9/:Pl9unPmFClDkl9zAz5
                                                                                                                                                                                                                                MD5:066BB1ECF94BF9C15F39A89C55AE70EF
                                                                                                                                                                                                                                SHA1:B711BBAD6052C4BB53D8BEA0DBB9FA64B3402DDB
                                                                                                                                                                                                                                SHA-256:78EA4958BBA58923073533245EEC77810C34DE5C4D7F8FC5F2DCB20503C39068
                                                                                                                                                                                                                                SHA-512:610558F4B5CF6F72921B3BABE28CA842EFCE97A85FA4FABAD91FB8EB92ECBCF5154A52E185965347974720D0E377239DCBEFE00940F4F28BA78A6438A8B5547D
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....!..........." ..0.............n*... ...@....... ....................................`..................................*..O....@...................)...`.......)..T............................................ ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................M*......H.......P ..H....................(......................................BSJB............v4.0.30319......l.......#~..|...,...#Strings............#US.........#GUID...........#Blob......................3................................................9...........U...................A.....A...........A...r.A.....A.....A.....A...Y.A...i.A.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Resources.Writer.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16664
                                                                                                                                                                                                                                Entropy (8bit):6.684114766404595
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:h6WiQxIL0We4VWkWCWxNzx95jmHnhWgN7acW+UwKUWX01k9z3A/qGPvQJ:h6aVWe4VWRRX6HRN7J2R9zUTPvY
                                                                                                                                                                                                                                MD5:E49EAC92A72AB58927341052EECB5B58
                                                                                                                                                                                                                                SHA1:D3D34D5E6D8BFDE6D9A979BEA1DFCBAF4A72C989
                                                                                                                                                                                                                                SHA-256:D4845A5A2142F5EE0748112558C44E6C3B885863FE5113FF814606EF09E89482
                                                                                                                                                                                                                                SHA-512:8BE4A74BAA008B936BA63B85319C7FABC44E2CB5EFFAE751F2D45EFBB108F5C6D5BF93D0DEF8D874422EACC3B7FA6FB0F1D4AC0E28B528872C846DF21E28AA3D
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....8..........." ..0..............,... ...@....... ...............................I....`..................................,..O....@...................)...`......d,............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................,......H.......x ..l....................+........................................(....*..(....*..z.*.*.*.*.*.*.*.*.*.*.BSJB............v4.0.30319......l...P...#~..........#Strings....p.......#US.t.......#GUID...........#Blob...........G..........3....................................$.....................................k...}.k.....X...............-.k.........t...........d...........W...........1...................k...H.k.....k.....k...F.......................x.......................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.CompilerServices.Unsafe.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15672
                                                                                                                                                                                                                                Entropy (8bit):6.804784998922409
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:m7xAvH5HmWgJ2WQkWxNzx95jmHnhWgN7a0WECSj9BtaFFX01k9z3Ay3myt5D:MCgWgJ2WQLX6HRN7JCc9WR9zBT5D
                                                                                                                                                                                                                                MD5:C491FA202B388C62A783E9E7B8219531
                                                                                                                                                                                                                                SHA1:4DB62FCC3451FE365B96AC8F6AFB8B36A310D0A7
                                                                                                                                                                                                                                SHA-256:2DC6D8D20AF5A36257AF1E816F289F3F21611E811DBE9AF20966E5D4E701B7E1
                                                                                                                                                                                                                                SHA-512:2046C41F7F5CD99020FA5784B8656636CE6AD2EC35295AC580704314622841812F4293C08847C01AE2DB833AEAB4DF2DF59BC33812423121FD1DFC9FF42A04FF
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............J)... ...@....... ...................................`..................................(..O....@..................8)...`.......'..T............................................ ............... ..H............text...P.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................))......H.......P ......................h'......................................BSJB............v4.0.30319......l.......#~......d...#Strings....p.......#US.t.......#GUID...........#Blob......................3..................................................4.....4...Z.!...T...........@...........p...........U.......................<.....n...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.CompilerServices.VisualC.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):17712
                                                                                                                                                                                                                                Entropy (8bit):6.664434645442667
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:bEY+InZWsCLWl3X6HRN76XDtdQ5R9zadWS:bmIAKWuds9zK
                                                                                                                                                                                                                                MD5:4CBF68C09FD1A67EFC14D3EF39A2C357
                                                                                                                                                                                                                                SHA1:644DC59F7493DF20B44BF9BA61187C54879C19A9
                                                                                                                                                                                                                                SHA-256:34A5EF6359710BDEA0BC92FBE743052C2C6F54FB1F4A0C86C44F8967765575A7
                                                                                                                                                                                                                                SHA-512:9DB148C4220081EBE2DA39B6C0EFE023429B718E4F92118DCF69762895743D4753AFDB2A2B59F6E50F5DD8C37E59ED07B3F6F7F650E514DD84E598141826C4AA
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...T*............" ..0.............&0... ...@....... ..............................F.....`................................../..O....@..................0)...`......./............................................... ............... ..H............text...,.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................0......H........ ......................8/........................................(....*..(....*..(....*..(....*..z..(....*..(....*..(....*..(....*..(....*..(....*..(....*.BSJB............v4.0.30319......l.......#~..<.......#Strings............#US.........#GUID...........#Blob...........G..........3............................$.......................................3.'.....'.........G.......'.....\.....'...C...................................g...........k.............'.....'.........

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.Extensions.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):18224
                                                                                                                                                                                                                                Entropy (8bit):6.562338179216365
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:5/Sj5rt9x+vFW8gNWXNX6HRN77pGR9zqYI:5qj1tSOIW7Y9zPI
                                                                                                                                                                                                                                MD5:33FB9BBBCBA3E7BBBD7BA9216958008B
                                                                                                                                                                                                                                SHA1:7660B39FDF52E35EDF106D6900F2C7862121EEA4
                                                                                                                                                                                                                                SHA-256:C31F0812B87812A10627C8603CA265E1A33927047134B1DD5CE69356869E250C
                                                                                                                                                                                                                                SHA-512:D51FD4D60B53C8BD23BC285FF34C447CEB517C3E402A8D61DB397996C3800F268B4F0ABEBEAC12BF42B608506EDCBF66CC4A27E46C0842B9BA149DAB61E5F01D
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Y............." ..0.............22... ...@....... ....................................`..................................1..O....@..................0)...`.......0..T............................................ ............... ..H............text...8.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................2......H.......P ......................l0......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob......................3................................I.....3...................................................i.v.........N...........%.....B.....5.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.Handles.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15664
                                                                                                                                                                                                                                Entropy (8bit):6.814505381555342
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:6lfzxAd9sbIWAZmWwXWxNzx95jmHnhWgN7aIW2a3YHnsTX01k9z3A1yb9:AftoObIWAZmWwYX6HRN7+YMTR9zUg9
                                                                                                                                                                                                                                MD5:5E4C20E0A38D62A629E7009686E20264
                                                                                                                                                                                                                                SHA1:27459AD6B3431B3B522CBD4AF7CB8DA84618353D
                                                                                                                                                                                                                                SHA-256:FF10134A6AB7612D6AA2A368B1C6F3173A30CBB1ABF8D517C97895DE72132F2C
                                                                                                                                                                                                                                SHA-512:5F11D193335F8556E66A040B1D29B18BEEDEB2F3FF1DE4E59D278E9B9E45464F9B5389C7815DB5A8889BCCB754F9B7F6E58B4535FF749CC33FF701B43516CEDA
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....{..........." ..0..............)... ...@....... ..............................z.....`..................................)..O....@..................0)...`.......(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................(......................................BSJB............v4.0.30319......l.......#~..D.......#Strings....0.......#US.4.......#GUID...D.......#Blob......................3................................................(.`.....`...f.................L...........|...........a.......................H.....z...................(.....(.....(...).(...1.(...9.(...A.(...I.(...Q.(...Y.(...a.(...i.(...q.(...y.(.......................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.InteropServices.JavaScript.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):26424
                                                                                                                                                                                                                                Entropy (8bit):6.392770526227981
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:kmh/PiDpHDTU840O/OeZciWqO3WV2X6HRN7KkELRPR9zjOE9:kmViDpH3U84LGyc/PWlQ9zKS
                                                                                                                                                                                                                                MD5:F85CCFFEC8FE81DAC71529C26AC960ED
                                                                                                                                                                                                                                SHA1:C9AD43B168405271029ADE98394AB18157A1AFC5
                                                                                                                                                                                                                                SHA-256:4700C26150B8B1B0BA39F9D6836B59AE7BDD5C91A121C3EAEB29133734C8A458
                                                                                                                                                                                                                                SHA-512:57DAE0D0F59BBEC28125B91602BC1F485B6ECAE194AD88801AEE9A1AED88C6F99EB0FB84AEE1FF5336CC3E60FCBCCBF82DBF8FED74C584751619C3E768DE7CD1
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....%............" ..0..4..........bR... ...`....... ....................................`..................................R..O....`..(............>..8)...........Q............................................... ............... ..H............text...h2... ...4.................. ..`.rsrc...(....`.......6..............@..@.reloc...............<..............@..B................DR......H....... #..T...................tQ......................................".(.....z".(.....z..z..z".(.....z".(.....z".(.....z".(.....z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z".(.....z..z..z..z".(.....z..z..z..z".(.....z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.InteropServices.RuntimeInformation.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15672
                                                                                                                                                                                                                                Entropy (8bit):6.847005993457445
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:K7e1enxAbDNrWHDUWMqWxNzx95jmHnhWgN7a0W0kzj9BtaFFX01k9z3Ay3mKPUpc:KCUxQBWHDUWM5X6HRN709WR9zBbMc
                                                                                                                                                                                                                                MD5:13D864886ED9DAF09E800B3851B4A05E
                                                                                                                                                                                                                                SHA1:5F7DE3337CD71E167B6D70626D29DC7139AB765C
                                                                                                                                                                                                                                SHA-256:357797FEA3E2F1FAE6DB8F47AA096BDC35707BEB16EA912019877812708841D4
                                                                                                                                                                                                                                SHA-512:F561129CEEB84C4C0AE1C605887907E9ABA9BF20A5107828F706D3A5BD075C87C918B0551845208D81A1AD65CE7844044187430F943EEF8253FD257AC6E937F7
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...C./..........." ..0..............)... ...@....... ..............................&.....`.................................{)..O....@..h...............8)...`......X(..T............................................ ............... ..H............text........ ...................... ..`.rsrc...h....@......................@..@.reloc.......`......................@..B.................)......H.......P .......................'......................................BSJB............v4.0.30319......l.......#~..(.......#Strings............#US.........#GUID...........#Blob......................3............................................................@.O.........k.....&.7.....7...V.....l.7...;.7.....7.....7.....7...".7...T.7.................I.....I.....I...).I...1.I...9.I...A.I...I.I...Q.I...Y.I...a.I...i.I...q.I...y.I.......................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.InteropServices.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):97560
                                                                                                                                                                                                                                Entropy (8bit):6.368960175485877
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:fu3Ux+Ojt/bSGYHqsUpCi2DczN2+kmA0M1cC998nSWSXVviK96WKzA:23I+MbSGYKsk23PmAR1ctSXRiK96tU
                                                                                                                                                                                                                                MD5:DC5729BFE680A5A2D8D1A06B4B6BEBBE
                                                                                                                                                                                                                                SHA1:66D9A87A6B2F21017DC60971B7AD967C3B7BD430
                                                                                                                                                                                                                                SHA-256:27CA325FAC36EA451F800D3C4C9BF8E8D0D64D0E6CC82BC9DAFF9BD4EB241C12
                                                                                                                                                                                                                                SHA-512:B8D0AC6A13E393DA8FA9D87CC31A7BAA30F6ABA079D294E31CE1D089F6CD8FAF6EFD53ABD8AD22D37F8D54B7C2F8E8E2A6AE1F4B9037D71CA3156C5E539472D5
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@N............" ..0..J..........2i... ........... ....................................`..................................h..O....................T...)...........h............................................... ............... ..H............text...8I... ...J.................. ..`.rsrc................L..............@..@.reloc...............R..............@..B.................i......H.......0,...<..................Dh........................................(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..z..z..z..z.*.*.*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*..z..z..z..z..(....*..(....*..z.*.*..z.*.*..z.*.*.*..(....*..z..(....*..z..(....*..z..z..z..z..z..z.*..z..z..z..z..z..z..z..z.*..(....*..z..z..z..z..(....*..(....*..(....*..(....*..(....*..z..z..z..z.*.*..(....*..z..(....*..z..z..(....

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.Intrinsics.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):276776
                                                                                                                                                                                                                                Entropy (8bit):5.60661588635811
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:jmMcmdDWDQgwZPxX+PvRo+POrq+R/AR0XlD2ajDFMhp5M6QtBZ:1Db1x+GLu6lD2ajDFMhp5MRX
                                                                                                                                                                                                                                MD5:B6967ED584D49DA9B2700A2CC223CE40
                                                                                                                                                                                                                                SHA1:50C69287DC5B97E7C339BF572679624D0632868D
                                                                                                                                                                                                                                SHA-256:1286578BFA56726832EB39905E98643FE8DE6C4F6B50B869F24CC92DB220AA47
                                                                                                                                                                                                                                SHA-512:BC1F89BEA2A555747CCD5482CAEB63A93E65C2BF550C393C9A0D8B97A170751EEE2F846DF11267CB356A9D4FDD691E01C715847959D38B9C7D8C743F4D05E5F7
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............$... ...@....... ..............................7.....`..................................$..O....@..................()...`......x$............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................$......H........j.......................#........................................z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z.*.*.*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.Loader.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):19744
                                                                                                                                                                                                                                Entropy (8bit):6.680888174922117
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:jkrUFb6gyw8HuYW5ZGWqdYA6VFHRN7EDtdQ5R9zahAoH:Yr3lXgSdFCluds9zPC
                                                                                                                                                                                                                                MD5:98954C38983BF836C1668F4096B3EAB1
                                                                                                                                                                                                                                SHA1:2AA2836D76A04E36D8DFD27F99EAF4A8ED4F4FE2
                                                                                                                                                                                                                                SHA-256:4E1185EEE834C542376FC89E54D3C0D943242A27DD427B70984826AD8822FC26
                                                                                                                                                                                                                                SHA-512:BAE808D794098EEE64A6C9E5AAA3AB0AD9D4AC5A3176DE6D764C42F77CC1B07E79355AFF4005733C19DEB7DCB5392C18194BC168E7F323127630A2B00D80FBDD
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....}..........." ..0..............9... ...@....... .............................._.....`..................................9..O....@...............$.. )...`......|9............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B.................9......H........!.......................8........................................(....*..z..z..(....*..(....*..(....*..z..z..z..z..z..z.*.*.*.*.*.*..z..z...0.............(.....*....................z..z..z..z..z..z..z..z..z..z.*.*..z.*..(....*".(.....z..z..z..z..z..(....*..z.*...BSJB............v4.0.30319......l.......#~..4...,...#Strings....`.......#US.d.......#GUID...t...p...#Blob...........W_.........3........,...........,...(...............G.......................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.Numerics.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):36664
                                                                                                                                                                                                                                Entropy (8bit):6.366463390136089
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:EcYtusMgscRORYRzZoHTllXZYxeRS+WrgR7in9z0:vLvgzzZoHTrZYxeRS+W79z
                                                                                                                                                                                                                                MD5:E3D955E929E21C1106EDB29D6706DD70
                                                                                                                                                                                                                                SHA1:7F264121ED1E76830F000BEB1DA28CACB9998EB5
                                                                                                                                                                                                                                SHA-256:9291960B8AE51C97280B97838CD5D48E5A4FD214DCE2A048305BB7BF837BF8E6
                                                                                                                                                                                                                                SHA-512:D662A50AA982411538D169D675BA4ED801F151EE9BC3F028102540554B32C63EC6CDF0E4C25E9898003684E5EFCF0B1A7A181442640F6C797212F87D5E73DBBF
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...GP............" ..0..\..........2z... ........... ...............................#....`..................................y..O....................f..8)...........y............................................... ............... ..H............text...8Z... ...\.................. ..`.rsrc................^..............@..@.reloc...............d..............@..B.................z......H.......($...U..................Dy........................................z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.Serialization.Formatters.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):23864
                                                                                                                                                                                                                                Entropy (8bit):6.521364670569038
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:Gn5JzF6cXmZLiEBJLHSIjYrsDZbfLapuSc3mMhYZeWF7SmBiW8jX6HRN75AxoJRw:y5JZ6cXmZLiEBJLHjj9ZX3mMhYZFGmBw
                                                                                                                                                                                                                                MD5:B004A2DB1904B816E2F08649E01DE274
                                                                                                                                                                                                                                SHA1:3D8D44A08E05170762F369B647948D07A2F6D323
                                                                                                                                                                                                                                SHA-256:050966EEFB4C1023A1894C857041457CBAF25694D51CC7E4D198BA7C14DA010B
                                                                                                                                                                                                                                SHA-512:BE96DEF1A2265BC405703078D0DBAD5FBAAD52B541F5377EEE53F2E7B2AC9966C7EEDFB71E0213D138B406011B12BBD708F0B97C69252E14EDE9481F73FA118F
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..*...........I... ...`....... ..............................5_....`.................................lI..O....`...............4..8)..........PI............................................... ............... ..H............text....)... ...*.................. ..`.rsrc........`.......,..............@..@.reloc...............2..............@..B.................I......H.......D!...'...................H........................................(....*..z..z.*..(....*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z.*..z..z..z..z..z..z..z..z..(....*..z..z..(....*.*..z.*.*.*.*.*.*.*.*.*.*..(....*..z..(....*.*.*..(....*.*.*..z..z.*..(....*..(....*..z.*..z.*..z.*..z.*..z.*..z.*..z.*..BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob...........W..........3........'...........v...............

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.Serialization.Json.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):21288
                                                                                                                                                                                                                                Entropy (8bit):6.553557953094068
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:+w7b2Pa9U7USsUC9EaSHwmVyVWbuodB5WiYA6VFHRN7ledtkELRPR9zjO7:+2buRsrlSHwmVyWVdBzFClwkQ9zK7
                                                                                                                                                                                                                                MD5:8798311C8E5F6298E78FC215D1B872DB
                                                                                                                                                                                                                                SHA1:8D548FEDCC92606E7F0B54AC3FD147E8B77E7302
                                                                                                                                                                                                                                SHA-256:15609A015A00E1BD7FC567F812D71696AD88BE164BC84F8CF605A8097D2B95ED
                                                                                                                                                                                                                                SHA-512:03A4C71C3CEDCA759B6C77D2A11DF98262B52D650D2DB7BC8224A20A33628F657C5BEBDA2B7829D4012FA7A4DB42B9AF47A89EEE83FFA2AEE47866D8B702879E
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Z............" ..0.. ..........&>... ...@....... ..............................."....`..................................=..O....@...............*..()...`.......=............................................... ............... ..H............text...,.... ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.......(..............@..B.................>......H.......4!......................8=........................................(....*..(....*..z.*..z..z..(....*..(....*..(....*..(....*..(....*..(....*..(....*..z..z..z..z..z..z..z..z.*..z..z..z..z..z..z..z.*.*.*.*.*.*.*.*.*..(....*..z.*..z.*..z.*..z.*..z.*..z.*..z.*..z.*..z..z..z..z..z..z..z..z..z..z..BSJB............v4.0.30319......l.......#~..,.......#Strings....D.......#US.H.......#GUID...X.......#Blob...........W..........3........(...........D...i...........o...............

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.Serialization.Primitives.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):20264
                                                                                                                                                                                                                                Entropy (8bit):6.556036069529289
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:oiXrwvk2aMt3HSBLHWFISJBrWtYA6VFHRN77lTVDtdQ5R9zaQ+:LXNqxJBmFClZ3ds9zA
                                                                                                                                                                                                                                MD5:17BB4C7C8E22588D211E13ED1DF23D79
                                                                                                                                                                                                                                SHA1:7C837E4096013C8E5C2A9B4798595A5FFE3E9D39
                                                                                                                                                                                                                                SHA-256:DDC84C10412A386D843B0F37E1D6DA06005A9B0E282F26AA5A0EC8C04D0E6E1D
                                                                                                                                                                                                                                SHA-512:E710B3B5EC491F49A4E639EC3E9EC2011F7F1A424D1973E654E01C9CBB0034DF31CA096CC27A73358779F31FC2CDF97ED5E176524564042EE3D98B1E2EEB2140
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............>:... ...@....... ...............................\....`..................................9..O....@...............&..()...`.......9............................................... ............... ..H............text...D.... ...................... ..`.rsrc........@......................@..@.reloc.......`.......$..............@..B................ :......H.......(!..(...................P9........................................(....*..z..z..z..z..z.*..z..z..z.*..z.*..z.*..z.*..z.*..(....*..z.*..z..(....*..z..z..z.*..z..z.*..z.*..(....*..z.*..z..z.*..z.*..z.*..(....*..z..z.*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..z..z...BSJB............v4.0.30319......l...P...#~..........#Strings....L.......#US.P.......#GUID...`.......#Blob...........G..........3........!.......?...'...........7...........,...................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.Serialization.Xml.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):40216
                                                                                                                                                                                                                                Entropy (8bit):6.323074099775808
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:WAeZLIM8SQ3oCoyrTdssEI25wIzpbDCMlnEqaL7nDB1BcRiJBBEMWuRxw9zd:0F8ZcotEI25wapbDFlnBaL7nDBrzGMWd
                                                                                                                                                                                                                                MD5:5B2856DBED616E37B548C1A553AA2A3D
                                                                                                                                                                                                                                SHA1:102DB757C0897ED265DA55425AF0A36B334DFFBA
                                                                                                                                                                                                                                SHA-256:799D85C4883BE7BE24C3F620B16A9C9190F7EBB6A1C68E27C9A971F5F7BB8850
                                                                                                                                                                                                                                SHA-512:77888AF746520A6BF5F344FA57CAC6593FF05415D4E441E8D9993F8D9B5957D5398A6167EB5A39F44EEAA56F6E323D9494F810F3A6B9AC84DF30956D47E12798
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...'[n..........." ..0..j............... ........... ..............................7.....`....................................O....................t...)........................................................... ............... ..H............text....h... ...j.................. ..`.rsrc................l..............@..@.reloc...............r..............@..B........................H........$..Db..................(.........................................(....*..(....*..(....*..(....*..(....*..(....*..z..z..z..z..z..z..z..z..z..z..(....*..z.*..z..z..z..(....*.*..z..(....*..(....*..z..z..z..z..z..(....*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z.*..z..z..z..z..z..z..z..z..z..z..z.*.*.*.*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.Serialization.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):17192
                                                                                                                                                                                                                                Entropy (8bit):6.684282851066347
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:LkXP2tNCj8N8LWgMr4BHWGYA6VFHRN7GkELRPR9zjO0jQp:LkXutNCj8N8Po4BlFClxQ9zKhp
                                                                                                                                                                                                                                MD5:1B4D714283918CC3F29285ADCC30CAEE
                                                                                                                                                                                                                                SHA1:FE85DD75367C8AB9AA9CD6430C553A18237C1F8C
                                                                                                                                                                                                                                SHA-256:06CD0BD2011F05F72D0F413489443354D7946A33F6B78B1DFDC939A8F9080696
                                                                                                                                                                                                                                SHA-512:314EAA273347B7A28DEACB78E25D6495090E8DC5594C3CF443DE7D5EB748014B37EA19BA36543FCCC7FA6CCB1C259E33AAF662B05AF3F824B8717E67E555884E
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....*............" ..0............../... ...@....... ...................................`.................................y/..O....@..................()...`..........T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................./......H.......P ..............................................................BSJB............v4.0.30319......l...d...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................~...<.~.....S...........Z...a.;...{.;.........#.;.....;...0.;.....;.....;.....;.....;.................3.....3.....3...).3...1.3...9.3...A.3...I.3...Q.3...Y.3...a.3...i.3...q.3...y.3.......:.....C.....b...#.k...+.....+.....3.....;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Runtime.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):829208
                                                                                                                                                                                                                                Entropy (8bit):5.691181430208094
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:Tyvuo5GtRHnOWMDoNneY5UXaOoOkcC7hvbYq+iOqlureZciPmeI6aPTqVb3kFb4O:Ty0zPlRJ7a3m7ckmoEBQMngvtNO4aj
                                                                                                                                                                                                                                MD5:017CFB5B57E298B8E6E68C552642E7A6
                                                                                                                                                                                                                                SHA1:49872826FE84D011DE0DCFF06B840EDE58628A1D
                                                                                                                                                                                                                                SHA-256:104F91BE23BEC9A6D26F37E87E0F960B78A14BA51520CB74098482EDF7EC97B4
                                                                                                                                                                                                                                SHA-512:1BD862D1795C6A21E76E8B470110F4622A3B4253FB09BEE299A4993DC3DAD6674C9E4447FA64F93331B66B24811CA085A0CA533B5C084B91F173E0FBFD0AD31D
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....J..........." ..0..t............... ........... ...............................P....`.................................4...O.......X............~...)........................................................... ............... ..H............text....r... ...t.................. ..`.rsrc...X............v..............@..@.reloc...............|..............@..B................h.......H.........................................................................(....*..(....*..(....*..(....*..z..z..z..z..z..z..z..z..z..z..z..z..z..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..z..z..z..z.*.*..z..z..z..z.*.*..z..(....*..z..z..z..z..z..z..z..z.*..z..z..z..z..z..z..z..z.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*..z.*.*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z.*.*.*.*.*.*.*..z.*..(....*..z..z..(....*..(.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.AccessControl.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):37688
                                                                                                                                                                                                                                Entropy (8bit):6.345446270470239
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:hQDtSWnC4pm8PLBe1FN15BBBDKP1E7flEqvMiE0UfSuQu259jclbbwlBLJWBJWW6:SDwW3pne1r178IVMiShUK9asFWSB39z2
                                                                                                                                                                                                                                MD5:D055E3725B06FA7219BAC70C623166FC
                                                                                                                                                                                                                                SHA1:9FC7479945BFB7F9DB86C9B4C71D559A8C7EAFB3
                                                                                                                                                                                                                                SHA-256:3CD76926024C9A0BC90EC7D78CAD45CBACCE179C74B3A98C61B4A3B23D62D3DB
                                                                                                                                                                                                                                SHA-512:9FD2A2511AC392B2963A8ABA7C3D207564CA20718CB0AEDBD9A1F102B1AE0B5C2430D9895FEB2697F4759A54BE7D9C954797E0E052E398FFE589DE150F41AB40
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...9............" ..0..`..........F.... ........... ...............................I....`..................................~..O....................j..8)...........~............................................... ............... ..H............text...L_... ...`.................. ..`.rsrc................b..............@..@.reloc...............h..............@..B................(.......H........%..@Y..................X~........................................(....*..(....*..(....*..(....*..z..z..z..z.*..z.*.*.*.*.*..z.*..z..z..z..z..z.*.*..(....*..z2......(....*..z6.......(....*6.......(....*6.......(....*6.......(....*..z..(....*..z..z..z.*2......(....*..z6.......('...*6.......('...*6.......('...*6.......('...*..z..(....*..z..z..z..z..z..(....*..z.*.*..(....*..z.*..z..(....*..z..z..z..z..z..z.*..z.*.*.*..(....*.*.*..z..z..z..z..z.*.*..z.*.*.*.*.*..(....*..

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.Claims.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):32536
                                                                                                                                                                                                                                Entropy (8bit):5.964769312384307
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:Ye07RbtwOQwQFfzUU3j2bP6hv6kWwJg9z1q:YHbuOQwQFfzUU3j2bP6JxWXzc
                                                                                                                                                                                                                                MD5:7B70988FCF15E826F7E27CED2DB452D3
                                                                                                                                                                                                                                SHA1:CA63766D1A391FDFBF81703C730C9315156D722A
                                                                                                                                                                                                                                SHA-256:9999646657996D2F02A748D92B3CE487F0362B4AB1A936EEABE334624A1EAF0D
                                                                                                                                                                                                                                SHA-512:B11862163B826B24068985C55110B50CB6CC673799EACF6A69665DA57DF735ED368909D61D6063DA39305292FD5AE8BADE624630E14D72DE257F6BE6D00B1AFE
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....M..........." ..0..L..........Rk... ........... ...............................b....`..................................k..O....................V...)...........j............................................... ............... ..H............text...XK... ...L.................. ..`.rsrc................N..............@..@.reloc...............T..............@..B................4k......H........"..PH..................dj........................................("...*..("...*..("...*..z..z..z..z..z..(K...*..z..z..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..z..z..z..z..z..z..z..z..z..z..z.*.*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..z.*..z..z.*..z..z..z..z.*..z..z..z.*.*..z..z..z..z..z..z.*..z..z.*..z.*.*..(....*..(....*..(....*..(....*..(....*..(....*..z..z.*..z..z..z..

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.Cryptography.Algorithms.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):17680
                                                                                                                                                                                                                                Entropy (8bit):6.616772216364839
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:nXqqGWqkBWxYA6VFHRN71aEpcR9z0B7i7:XVFoFCl1aEpw9za6
                                                                                                                                                                                                                                MD5:3E2C2FBEF86A88B2BF2FD8B177FD6D0A
                                                                                                                                                                                                                                SHA1:3B2B791ADBF69F9A37597B80FBA9E9932E49A6BD
                                                                                                                                                                                                                                SHA-256:A28C5AD8CFC585C3D225B07AC28C359EACE65765EAA306FF44D7A6511262792D
                                                                                                                                                                                                                                SHA-512:6671151577CC961CE2C016543EE78C6197ED5BA9ACBAD855641AF5F661BB0BB4A5253E9E7BB5AE52253ED451F90818289826C242659ECCE405C25F1B0092C83D
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....A..........." ..0.............V0... ...@....... ....................................`..................................0..O....@...................)...`..........T............................................ ............... ..H............text...\.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................70......H.......P ..$...................t.......................................BSJB............v4.0.30319......l.......#~..t.......#Strings....|.......#US.........#GUID...........#Blob......................3................................>...........................?.....6.....j.....%.d.....d...U.M...k.d...:.d.....d.....d.....d...!.d...S.d.....H...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.Cryptography.Cng.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16664
                                                                                                                                                                                                                                Entropy (8bit):6.725385029818809
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:GvVnAxNaH3xA+Dr+jWx2fWRFWxNzx95jmHnhWgN7agW3GByMyttuX01k9z3Al6td:mbHh7KjWx2fWoX6HRN7W2cSR9zi6tL5
                                                                                                                                                                                                                                MD5:B00B172EC15D23D3BED84FCFA40D59D2
                                                                                                                                                                                                                                SHA1:2B98143649573E5DF30EE989D46D1DE956BDFC4F
                                                                                                                                                                                                                                SHA-256:A589AC8A9E90BA4F3E96CEC8B360B894DAB5FBDEF0004EF428258A9DC28D309B
                                                                                                                                                                                                                                SHA-512:3822F4DC24FF40893470D15E05E4E54933D19350227CF07696231A8C7EAF955AC4B303C075FED0AE2AB6C25BF790F889178C06F340F2D22BFA342231EEE6E5F9
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...#..........." ..0..............,... ...@....... ....................................`..................................,..O....@...................)...`.......+..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................,......H.......P ...................... +......................................BSJB............v4.0.30319......l...<...#~..........#Strings....0.......#US.4.......#GUID...D.......#Blob......................3......................................d.........J.!.....!.........A.......J...n.....,.........................................j.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.Cryptography.Csp.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16152
                                                                                                                                                                                                                                Entropy (8bit):6.795290241765418
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:sSbUikV/AvcaTAFCA3xAiHIRWLgtWhW+WxNzx95jmHnhWgN7acWVxwVIX01k9z3G:RbUlhfIRWLgtWwFX6HRN7eR9zEOrc+E
                                                                                                                                                                                                                                MD5:E593AE76E4CFAC375120915947952FF6
                                                                                                                                                                                                                                SHA1:8015474D50021C65A65867636086E4A8A3A6F347
                                                                                                                                                                                                                                SHA-256:5DA38D4A9EB67C2EF23B416A505E0FDB2A22FD5FE45D241645B37B5B5F0BCCE8
                                                                                                                                                                                                                                SHA-512:43C7368A394B119839BAC8FC2B0F9213307C84F297CE480C0BFA3DF6300F3AA7B55E64E789D1EF619E88364387CB11D2228015D3A2CC8338596348D7B2772A0D
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...6J............" ..0..............+... ...@....... ..............................".....`.................................}+..O....@...................)...`......|*..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H.......P .......................)......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID... .......#Blob......................3......................................................x.....3.n.........^.................I....._.................w.................G...................h.....h.....h...).h...1.h...9.h...A.h...I.h...Q.h...Y.h...a.h...i.h...q.h...y.h.......................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.Cryptography.Encoding.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16160
                                                                                                                                                                                                                                Entropy (8bit):6.7458016577263
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:szoXpW5ZWWLhX6HRN7SmO/7R9zj2INRSX:szoXGDpWfOF9z6b
                                                                                                                                                                                                                                MD5:FA0C6A5EBA91D8A8B17232345900DD2D
                                                                                                                                                                                                                                SHA1:75AE67259791C5D4F580A9D2E0E7A892CB3B0902
                                                                                                                                                                                                                                SHA-256:AA82B36AF87D73B54AB0F0E5EFD9FDB16AAA6D3F385F238364ACD36E482999F6
                                                                                                                                                                                                                                SHA-512:8A76EF22006A7D4D3DF580CE00D310574251A91E942400E39637B57840EFE8386E51E27C92839E63038397CC900EFF43FEFD68A6E8820FF0C03CAB924F7DF812
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...z............." ..0..............*... ...@....... ...............................w....`.................................s*..O....@.................. )...`......h)..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H.......P .......................(......................................BSJB............v4.0.30319......l...L...#~......<...#Strings............#US.........#GUID...........#Blob......................3................................................ ...........^.................D.d.....d...t.7.....d...Y.d.....d.....d.....d...@.d...r.d.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.Cryptography.OpenSsl.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15624
                                                                                                                                                                                                                                Entropy (8bit):6.84073937768766
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:sygdxAWK9WAm5ijRW8ZpWjA6Kr4PFHnhWgN7acWLmFGyttuX01k9z3Al6tLw737I:ca9WAm5ijRW8ZYA6VFHRN73SR9zi6tLr
                                                                                                                                                                                                                                MD5:09D34FE80AF19BF5B77BBEFCC01F6E6F
                                                                                                                                                                                                                                SHA1:0A4FC9635C6710682C6D7FE32F91DC28C29ED7BC
                                                                                                                                                                                                                                SHA-256:F644B4FA91D1BDC0596F390C99A123C206D0115FDD18CE778A23254066F46270
                                                                                                                                                                                                                                SHA-512:E8131DB3070617A09955EFC7D267B2687A6FCFB7BD061FE027B54721C461E4D7119A0E80DD346865D187BE548001064A900479E99922835D90EC1222659D3DEF
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....r..........." ..0..............)... ...@....... ...............................U....`..................................)..O....@...................)...`.......(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................(......................................BSJB............v4.0.30319......l.......#~..X.......#Strings.... .......#US.$.......#GUID...4.......#Blob......................3..................................................|.....|...E.i.........p.....+.Q.....Q...[.J...q.Q...@.Q.....Q.....Q.....Q...'.Q...Y.Q.................c.....c.....c...).c...1.c...9.c...A.c...I.c...Q.c...Y.c...a.c...i.c...q.c...y.c.......................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.Cryptography.Primitives.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16136
                                                                                                                                                                                                                                Entropy (8bit):6.783350992582665
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:IJ6y3F1cxAKh7jWI+3WepWjA6Kr4PFHnhWgN7acWWPVs8RwX01k9z3AzBhJ:pW7KLWI+3WeYA6VFHRN7Re9R9z6HJ
                                                                                                                                                                                                                                MD5:67BD5079FEA8657220315ED9B2DBAF97
                                                                                                                                                                                                                                SHA1:63F0A66127FEF3021E2B64B53758FF202C3318FD
                                                                                                                                                                                                                                SHA-256:13BC715968175667FEC2E02B13300F5DE2A867B754B79439D2633FF3F9240560
                                                                                                                                                                                                                                SHA-512:05B77B8A04F623F79E91D3381FFBABE7865089EFEFBEB29CDB016856C80D2CDEEB72473872D237B9A23F937CEE82021165BFF05E51065C4F8DE71B5B273A6EA7
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...{x..........." ..0.............z+... ...@....... ..............................9.....`.................................'+..O....@...................)...`.......*..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................[+......H.......P ..H....................)......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob......................3................................................4...........r.................X.............(.........m.......................T.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.Cryptography.X509Certificates.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):17184
                                                                                                                                                                                                                                Entropy (8bit):6.739673851144617
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:kw7H2ocvxA4fjxWemfWkqWxNzx95jmHnhWgN7agWMVkCY00pyEuX01k9z3Aly+E2:DH2ocZpWemfWk5X6HRN7LVVEpcR9z0Bv
                                                                                                                                                                                                                                MD5:3CC8CAEBB57D05D1909F39A6D647B901
                                                                                                                                                                                                                                SHA1:29F8797E4DD7F5BCD863FFBB7888029BD363361B
                                                                                                                                                                                                                                SHA-256:5826E377C017BB5C872E173DB728BB38FF072D1E0FB26B8E19B9ECA088752918
                                                                                                                                                                                                                                SHA-512:927D96034350439D2DE069018158A2A9F2C9BDEA8520AA09B3232ABD2C2283B41EEBD2A661A46333D4F95339B5191FC72F6F192FE7C6C6C4428BAD5661CC76C7
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...K............." ..0............../... ...@....... ....................................`.................................s/..O....@..H............... )...`......X...T............................................ ............... ..H............text........ ...................... ..`.rsrc...H....@......................@..@.reloc.......`......................@..B................./......H.......P .......................-......................................BSJB............v4.0.30319......l.......#~......T...#Strings............#US.........#GUID...........#Blob......................3................................-.....r...............'...................X.....k.....k...........k.....k...i.k...&.k...C.k.....k.....k.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.Cryptography.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):133944
                                                                                                                                                                                                                                Entropy (8bit):6.14068634891738
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:C208rJmUIzfFnJbAD8yoW1CidlhfvkUQzIgw9c9dRc3Y:Tbrinz819YwKCo
                                                                                                                                                                                                                                MD5:3AE9C94F767E66ABE3F26C164A34B046
                                                                                                                                                                                                                                SHA1:89D654D5655536D14907F5AEDF00CF5C4720B81E
                                                                                                                                                                                                                                SHA-256:041C1525A6C0736A8D67164FA3E5D3B96B7F930D24104C19C159D021A164DCBC
                                                                                                                                                                                                                                SHA-512:37B6E67A0EB4322545CC5E6727E84D20BFA4DFEB989FA376ED2FF095BFF573603611CC98E7F2AFAE69C12973D3083060172CE10B6A3CB061BB791DCB8C6E1FC7
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ........... .......................@......+.....`.................................\...O.......................8)... ......@................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H........>...............................................................(P...*..z..z..(....*..(....*..z..z..z.*.*.*.*.*..(....*..(....*..(....*..(....*..z.*..z.*..z..z..z..z.*.*.*..z..z..z..z..z..z..(....*..z.*..z.*..z.*..z.*..z.*..z..z..z.*..z.*..z..z..z..z.*.*.*..(....*..(....*..(....*..(....*..z..z..z..z.*.*.*.*.*..(....*..z.*..z.*..z.*..z.*..z.*..z..z..z.*..z.*..z..z..z..z.*.*.*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..z.*..z.*.*..z..(....*..(...

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.Permissions.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):72056
                                                                                                                                                                                                                                Entropy (8bit):6.109562619819998
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:XfFM9C/F3U0Wo+DnGoTp+ZQbTrDYRYYYB9kD9hjpBYBlzyWviyQorpop0kM8b4:XtkP+ZIrDYRYYYB9kD9hjpBYBlzyerp/
                                                                                                                                                                                                                                MD5:EEA79C5A57C39BA54C3B8E892C3DAFA0
                                                                                                                                                                                                                                SHA1:4E2B0A116D867622CFE957332740B9895A361518
                                                                                                                                                                                                                                SHA-256:2C7DA9D5B320AC42648BC33B17C929BF9B7D7850243E669FE6DEEA03C8C95CAE
                                                                                                                                                                                                                                SHA-512:C2104588D7AA2F1427FDC4BD83F8E744B186B5FCC1EBE24F9CE324BC3CC273F066D047531BC8309BA432A75A3F48E728EC291F8EB716FAC5C384FB80A0C36B27
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...l............." ..0.................. ... ....... .......................`......L.....`.....................................O.... ..................x#...@..........T............................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H.......@3......................D.........................................(....*..z..z.*..z..(P...*..(P...*..(P...*..z..z..z.*..z..z..z..z..z..z..z..(P...*..(P...*..z.*..z.*..z..z..z..z..z"..(....*..z.*..z..(P...*..z.*..z..z..z..z..z"..(....*..z.*..z..(....*..(....*..(....*..(....*..z"..(....*..z.*..z.*..z.*..z..(....*..(....*..z..z..z..(....*..z.*..z.*.*..z.*..z.*.*.*.*.*.*..(....*.*.*.*..z..z.*.*.*.*.*..z..z..(....*..(....*..(....*..(....*..(....*..z..z..z..(....*..z..z..z.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.Principal.Windows.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):27448
                                                                                                                                                                                                                                Entropy (8bit):6.49247399269465
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:7NiytbGNRJa9JB8koDAU5GUBfyqhcyKrNBJ8LEO8HfWFhOWR/X6HRN7PloI9WR9x:7YytaNRJa9kD9NiBGt8HYBWPg9z1
                                                                                                                                                                                                                                MD5:BECFDB234710F00BBF1F9535CD2A6E09
                                                                                                                                                                                                                                SHA1:0A9AF51E20A1D60CA45A3675274C1C35E82C06C0
                                                                                                                                                                                                                                SHA-256:1BDE41F200A80419EC5B261F7BBCA9555B84333D7E36ADE5D9A4247612D424E0
                                                                                                                                                                                                                                SHA-512:8A6F4F76ABEAB73C41173375CF465E73AA44E33D84855DCF5BE50831B1633C2CAA8A30A77B16E81CD1AE1DE74951C4A4234FCA816388770BAF3B61448AD8BE83
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....H..........." ..0..8..........JV... ...`....... ..............................._....`..................................U..O....`...............B..8)...........U............................................... ............... ..H............text...P6... ...8.................. ..`.rsrc........`.......:..............@..@.reloc...............@..............@..B................,V......H........!..t3..................\U........................................(....*..(....*..(....*..z.*..( ...*..z..z..( ...*..( ...*..z..z.*..z.*.*..z.*..z..z..z..z..z..(....*..(....*..z..z..z..z..z..z..z..z..(....*..(....*..(....*..(....*..z..z..z..z..z..z.*..z..z..z..z..z..z..z..z..z..(!...*..(!...*..(!...*..(!...*..(!...*..(!...*..(!...*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z.*.*..z..z..z..z.*..z..z..z.*.*..("...*..z..z..z..z..z..z..z*....(#...**....(#...*..z..z..z

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.Principal.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15656
                                                                                                                                                                                                                                Entropy (8bit):6.8053996554852345
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:CB0LZxAyk4jWVUmfW2fpWjA6Kr4PFHnhWgN7aIW5agiZTOebR5X01k9z3AZZNFrg:zLD+uWimfWcYA6VFHRN7b9bt5R9zExr
                                                                                                                                                                                                                                MD5:C9285D5497F2850234F48A0CF5619C0F
                                                                                                                                                                                                                                SHA1:1B3AEAF0C40E401C1A2B4C19EAD12314B5782DDF
                                                                                                                                                                                                                                SHA-256:902D836B8CB066DC2279E4DE0979B5A380BDCCCCFA69634BA51111CAC2BE2F44
                                                                                                                                                                                                                                SHA-512:5EE72864A21C23B1AF540DAD95D67348837467A3CE19478B02223EE220441E40388B97C8E1110452F32EC2FB04BB63B649E49860153B5B1DF3F4D37D1C37866B
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...J. ..........." ..0.............j)... ...@....... ....................................`..................................)..O....@..................()...`......$(..T............................................ ............... ..H............text...p.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................K)......H.......P ..T....................'......................................BSJB............v4.0.30319......l.......#~..4.......#Strings............#US.........#GUID...........#Blob......................3..................................................=...x.=...3.*...].....^.................I....._.................w.................G...................$.....$.....$...).$...1.$...9.$...A.$...I.$...Q.$...Y.$...a.$...i.$...q.$...y.$.......................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.SecureString.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15664
                                                                                                                                                                                                                                Entropy (8bit):6.831153527632702
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:XMBPxo2xAjD/W1O3Ww81WxNzx95jmHnhWgN7aIWbTmAg7iDtagQ5X01k9z3ADqng:El6/W1O3WwpX6HRN7lriDtdQ5R9zaqcx
                                                                                                                                                                                                                                MD5:8CC719E1BA62CA6F7BAED90FDE41BF8A
                                                                                                                                                                                                                                SHA1:6F28D219D46E0A87658E0C46C5DABEFAE795F121
                                                                                                                                                                                                                                SHA-256:1AF90D82A617AFB3BCCFEEA39B6D18CFD3A7C93CC80C8B75DBFF0FD2E75E7BD8
                                                                                                                                                                                                                                SHA-512:E693831E7C4DE5BF2BF955A64D27B84F9ACABDC2BC6D7F150C582CE05E430C36BF48B22680E9A9831AE73A0615FD522576C22DD015CDE7D629413E200E5F138C
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...y6..........." ..0..............)... ...@....... ..............................QU....`..................................)..O....@..................0)...`.......(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................(......................................BSJB............v4.0.30319......l.......#~..D.......#Strings............#US.........#GUID...$.......#Blob......................3............................................................3.Z.........^.......B.....B...n.;.....m.....m.....B...S.B.....B...w.B.....B...:.B...G.B.................T.....T.....T...).T...1.T...9.T...A.T...Q.T. .Y.T...a.T...i.T...q.T...y.T.....T.....T.......................#.....+.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Security.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):18712
                                                                                                                                                                                                                                Entropy (8bit):6.530599284978063
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:jIhDM3WsKDWYX6HRN71nRxB+R9zpj5g9Z:jIh4iPW1nRxw9z15sZ
                                                                                                                                                                                                                                MD5:0E43639AE0E98F9148C913477276A391
                                                                                                                                                                                                                                SHA1:507E7B61569746ED20B920BCAD7D5C803D1E7736
                                                                                                                                                                                                                                SHA-256:C0F486C4FC818613DFC50485F7201B5A59A79851C3CCAB2FD75EDAB2456C33C4
                                                                                                                                                                                                                                SHA-512:1340334B451CC8F81D4FF525F5EE47988E3339921A8891CB5B0026E32669FCC0363D560478C05A81A7AAE4C81CE018CBD0DD6510DE94DED13B0892CF0EB424D7
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...OZ............" ..0..............4... ...@....... ..............................+y....`..................................3..O....@..X............ ...)...`.......2..T............................................ ............... ..H............text........ ...................... ..`.rsrc...X....@......................@..@.reloc.......`......................@..B.................3......H.......P ......................P2......................................BSJB............v4.0.30319......l...H...#~..........#Strings....h.......#US.l.......#GUID...|.......#Blob......................3................................O.....................0...........3.......x..... ..... ........... ..... ...r. ..... ...*. ..... ..... .................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.C...+.Y...3.o...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.ServiceModel.Web.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):17176
                                                                                                                                                                                                                                Entropy (8bit):6.64645995156569
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:y3nspYI7GWGlM5W6WqWxNzx95jmHnhWgN7acWUlM/wKUWX01k9z3A/ylK:ptGWyM5W/5X6HRN712R9zUoK
                                                                                                                                                                                                                                MD5:E6CEF184273D2FE35362FF4E5D866FF7
                                                                                                                                                                                                                                SHA1:F6A57545875E5B8E1C8C05C0040BE9EA78207E3E
                                                                                                                                                                                                                                SHA-256:3D08EB5338C0C588C1ABD53FE726BAE0607E0B50312F0079B678E3759FA1ABBF
                                                                                                                                                                                                                                SHA-512:83D7671DC0B7E99068C8F322B1A81B090B54379EBEE2F9D6FED4104A138BDA4202EB92394B003134B73B9A2317A6592AD304C1435C7EBE5DA1953B1761130477
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....1..........." ..0.................. ...@....... ..............................i(....`.................................7...O....@...................)...`......H-..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................k.......H.......P ..x....................,......................................BSJB............v4.0.30319......l.......#~..8.......#Strings............#US.........#GUID...........#Blob......................3................................&.....................?.................%.].....................&.................>.....[...................{...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.C...+.Y...3.o...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.ServiceProcess.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16168
                                                                                                                                                                                                                                Entropy (8bit):6.754179132368782
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:9NNuGxAo1BpWnielpFWYilpWjA6Kr4PFHnhWgN7aIWjvkYHnsTX01k9z3A1WdS:NHHpWnielpFWpYA6VFHRN7BYMTR9zUS
                                                                                                                                                                                                                                MD5:E5C676801CA76BCBF074E99710503F02
                                                                                                                                                                                                                                SHA1:63C05E75C9862CFEE2B26FCA0BE3F1FB4C37E175
                                                                                                                                                                                                                                SHA-256:634A5D94940A58BC90AFC5DFC90839359B0A9B2F7E0D7F12CDDA3281DF96418F
                                                                                                                                                                                                                                SHA-512:4CFB1A78F5698345174BBA119D51E48BC85A8381D8174231A7A2DD65C0281E726E34260B5EA5D1AD71DF5580070D4B4017CA4D3D9CF0592CA25600EE58FFD328
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....`..........." ..0..............+... ...@....... ...............................&....`.................................?+..O....@..................()...`......T*..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................s+......H.......P .......................)......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob......................3......................................!.........f...........\.....:...........B.^...H.^.....;.....^.....^...+.^.....^.....^.....^...p.^.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.C...+.Y...3.o...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Text.Encoding.CodePages.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16168
                                                                                                                                                                                                                                Entropy (8bit):6.725384327546518
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:wwXXbdAWA1ZXdMWdYA6VFHRN7x89WR9zB0Q:wCRODXdzFClxH9z2Q
                                                                                                                                                                                                                                MD5:6B175D89D93FD379CB62C2881534C196
                                                                                                                                                                                                                                SHA1:BE2BD85BB81C9A5C6F9875B89E32C7A2F21C2B6A
                                                                                                                                                                                                                                SHA-256:05CCDFB9AE4F2DAA36C9ABA4EB7F898BC06F9FAA96EF62AB972034DBA6C96B7D
                                                                                                                                                                                                                                SHA-512:E7AAE5B83C5E58F13424F406B1D8C5A7AA87EE0EB1885A0BE4E47DF63702188F90B39A74790C54EC64E6905A89C79F5F86DA9B16B6603C1E889D99AC3AB4BBA9
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..../............" ..0.............z*... ...@....... ..............................%.....`.................................(*..O....@..................()...`.......*............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................\*......H.......d ..(....................)........................................(....*..z..z..z..zBSJB............v4.0.30319......l.......#~......`...#Strings....`.......#US.d.......#GUID...t.......#Blob...........G..........3......................................................z.........c.....6.....w.............`.........].....-.....................................................K.........................Q...W.Q...........Q.....................Q.U.....P ............X ......3...

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Text.Encoding.Extensions.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):21288
                                                                                                                                                                                                                                Entropy (8bit):6.4721635880772235
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:2qORRnr5KrH0RzChd5W6sJWYYA6VFHRN7g6v8KER9zldy:qChd4RFCln8R9zC
                                                                                                                                                                                                                                MD5:930DADB478CD1C18B0BFDEEC0ACB0DD2
                                                                                                                                                                                                                                SHA1:363BCFFA20627A9C003115F58820CCA1D17EBAC0
                                                                                                                                                                                                                                SHA-256:968E442D0CC6A10C1854F46B09A0C0F26D4AA829422330EB7AF969CADA9E5E17
                                                                                                                                                                                                                                SHA-512:A461F3707588EEBE2B742243AFCAB1A6E9FDFD8E1586C1A11FE916DF282257B1F4CACE7D30809AB6556F8ACA0FF7B476ECC695FC75C1DE1E8A19DB6BBFA43E47
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...j............." ..0.. ...........>... ...@....... ..............................M.....`..................................=..O....@...............*..()...`.......=............................................... ............... ..H............text........ ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.......(..............@..B.................=......H........!..@...................$=........................................(....*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..(....*..(....*..(....*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..(....*..(....*..(....*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..(....*..(....*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..(....*..(....*..(....*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..BSJB

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Text.Encoding.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16152
                                                                                                                                                                                                                                Entropy (8bit):6.725439980411438
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:vzLJxAKpjWfgNWeWQWxNzx95jmHnhWgN7acWGPh3PMx6RMySX01k9z3AcyxaNIP:jJWfgNWzPX6HRN7PP9LMR9zPyyw
                                                                                                                                                                                                                                MD5:A16009A8EEBE01B264F1BD291D51DAFA
                                                                                                                                                                                                                                SHA1:7B4646DF65B243BBF2134594B08082F7CFE8F4A1
                                                                                                                                                                                                                                SHA-256:5F1FAA88187672DC240B18D4199BB8040BBE8F3F7EEC939DEC5ABB1407137D22
                                                                                                                                                                                                                                SHA-512:8EE0BDDA4F5BCDEB139C0D225E10385DA131808E7279EBBF2ED81CED81797A4E9118FCBCBAE46C07545D0B9D5C0527B81FE63E8543FDDC55125560518E676B9F
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...ql............" ..0..............*... ...@....... ....................................`.................................a*..O....@...................)...`......x)..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H.......P .......................(......................................BSJB............v4.0.30319......l...T...#~......T...#Strings............#US.........#GUID...(.......#Blob......................3......................................M...............x.....3.....7.....^.......m.....m...I.f..._.m.....m.....m...w.m.....m.....m...G.m.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Text.Encodings.Web.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):26408
                                                                                                                                                                                                                                Entropy (8bit):6.500157612407834
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:VPJBcuysb26/f5SyAsFec1X1GWrHIWzYA6VFHRN7ISIYMTR9zUhG:VPJ+1s9fFxFFClTVg9zgG
                                                                                                                                                                                                                                MD5:7F7BDDB1EE6D658DD293F3EFC91B95A3
                                                                                                                                                                                                                                SHA1:91908802BE561389D6EEA82EBDD117343D1C97C0
                                                                                                                                                                                                                                SHA-256:9CDB506602ABF0FA4775F767E0B8F8EFE377338D3ECF6CC6BAF25C6427C37046
                                                                                                                                                                                                                                SHA-512:8F720AB9FB7BF5101CB0063BCA97CEA2AADEFF2D28C0E60CC7A31BF8D379CA0B3FDA91ED2F98E3133E4B246C2E03E7B6984CEE78E5817CCCF46B32BC908B0C25
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....H..........." ..0..4...........S... ...`....... ..............................f.....`..................................S..O....`...............>..()...........S............................................... ............... ..H............text....3... ...4.................. ..`.rsrc........`.......6..............@..@.reloc...............<..............@..B.................S......H........"..<0...................S........................................(....*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Text.Json.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):74016
                                                                                                                                                                                                                                Entropy (8bit):6.294799901294691
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:5jntemcA5RtaLTpTRkHV5us483GeopYaHuah7WPEp4z/e:Fnte+tan9KHbusdavh7wXre
                                                                                                                                                                                                                                MD5:6C58456B7B756FC8BC17C6C20BB2778A
                                                                                                                                                                                                                                SHA1:EEED62DE9C2240163A3D4FB9DB99D520B8B17C4E
                                                                                                                                                                                                                                SHA-256:FABB3EEBE1047092F1E4ACDF27E36EE20912F9C4818CB65057ECFEC9EAC84005
                                                                                                                                                                                                                                SHA-512:933D966029503342445B4291B29ECCAB23D7E40701761A84226C46163FCA20D33230F0D2746FBE9C179A6D0CD9DFD83983EE714334631A396B360AED7E8CD85F
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ... ....... .......................`.......o....`.................................H...O.... ..h............... )...@......,................................................ ............... ..H............text........ ...................... ..`.rsrc...h.... ......................@..@.reloc.......@......................@..B................|.......H.......|+..0.............................................................(5...*..z.*..z..z..z..z..z..z..z..z.*..z.*..z.*..z.*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z.*..z..z..z..z..z..z..z..z..z..(6...*..(6...*..(6...*..(6...*..(6...*..(6...*..z..z..z..z.*..(5...*..z..z..z..z..z..z..z..z..z..z..z.*..z.*..z.*..z.*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Text.RegularExpressions.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):36128
                                                                                                                                                                                                                                Entropy (8bit):6.423926219790274
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:6vZJi/E/q/a/9/t/9/e7auen8/JOaE9UF4ZQWx6FT9zpr:6OcUF4qWx6Tzd
                                                                                                                                                                                                                                MD5:D4575FA3D90BC57C15F4BB544B7BC45D
                                                                                                                                                                                                                                SHA1:091A571144D8F7E672BBA61F00525E6E1C26B7A3
                                                                                                                                                                                                                                SHA-256:0E1F34570450D0AB9B6E9F5C7EC51801DD44AE02F418F4427627F992FCC2F97D
                                                                                                                                                                                                                                SHA-512:D51912E2501702A8726FC5826B1B59BE7D57817F8B49E06429B2DE563BDBA9C13E5BC28919D71080EAB922222807DA9CF58300910C8B9D4D8BD729FAFF1E792B
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....r..........." ..0..Z..........Ry... ........... ....................................`..................................y..O....................d.. )...........x............................................... ............... ..H............text...XY... ...Z.................. ..`.rsrc................\..............@..@.reloc...............b..............@..B................4y......H........#...T..................dx........................................(M...*..z..z..z..z..z..(M...*..z..z..z..z..z..z.*..z..z.*.*.*..z.*.*..z..z..z..z.*.*..z.*..z..z.*.*.*..(....*..z..z..z..z..(M...*..z..z..z..z..z..z..z..z.*..z..z.*..z..z.*.*..z.*.*..z..z..z..z..z.*.*..z.*..z..z.*.*.*..z..($...*..z..z..z..z..z..(M...*..z..z..z..z..z..z.*..z..z.*.*.*..z.*.*..z..z..z..z.*.*..z.*..z..z.*.*.*..(M...*..(M...*..(M...*..(M...*..(M...*..z.*..z.*..z.*..z..z..z.*.*.*..z..z..z..z..

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Threading.Channels.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):19240
                                                                                                                                                                                                                                Entropy (8bit):6.620314848203044
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:Q5L9kEaqLOPRmZAX9WMgNWrYA6VFHRN7nNpIBHR9zQ:OEPO96FClnEf9z
                                                                                                                                                                                                                                MD5:39B3F55D69B87F547715F2B56CDA42C2
                                                                                                                                                                                                                                SHA1:E332A7E74F8CA563B1E1CDCAE8011970C5148F22
                                                                                                                                                                                                                                SHA-256:41F2680AFF2F11208666BC9CD16CAB49B576497956E9D5BDAE66AEC0035ECDCC
                                                                                                                                                                                                                                SHA-512:C152EA5915911405C57C50E768CA151900D31F3F571E824D6D5F8502A8902B168DA0AC747AAFF7E94641158D44EF28675C9E76331DB12FEC840E2DCFDEF39F6F
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...79............" ..0..............6... ...@....... ..............................+2....`..................................6..O....@..............."..()...`......p6............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B.................6......H........!.......................5........................................(....*..z.*..z.*..z..z..z..z..z..(....*..(....*..(....*..(....*..(....*..(....*..z.*..z.*..z.*..(....*..z..z..z..z..z..z..z..(....*.*..z..z..(....*..(....*..z.*..z.*..z..z..(....*...BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...$.......#Blob...........W..........3........$.........../...!...........2.................................".........................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Threading.Overlapped.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):19232
                                                                                                                                                                                                                                Entropy (8bit):6.604900008970296
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:sddeXmUHAsHiAHrWcuHW3zX6HRN7vygcTR9zlRYD:GdeXIzW7WvaV9zl6D
                                                                                                                                                                                                                                MD5:2F4C06E7DA4E73A7F7708CB77A593758
                                                                                                                                                                                                                                SHA1:81339B3CA743216192AE12A203985C20FAD12B32
                                                                                                                                                                                                                                SHA-256:1927D3BEF5CFC41829FE94AA58D051AFA05C0F72113E4497E1B4822E42C77E5E
                                                                                                                                                                                                                                SHA-512:9B0717C9DAA6E719D0A08198F6E18757847FC6E43F25DE961E2214832BEBC8D07043F461391B5182BBBB9D10C95417F807E6A78793816214032EC1F14423F96B
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...[............." ..0..............6... ...@....... ..............................9.....`..................................5..O....@...............".. )...`.......5............................................... ............... ..H............text...$.... ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B.................6......H........ ..H...................05........................................(....*..(....*..(....*..z.*..z.*..z.*..z.*..z.*.*..z..z..z..z..z..(....*.*.0.............(.....*....................z..(....*..z..z..z..z.*.*..z..z...BSJB............v4.0.30319......l.......#~......H...#Strings....T.......#US.X.......#GUID...h.......#Blob...........WW.........3........ ...........$...6...........B.............................................q.....q.....?......... .......q...............

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Threading.Tasks.Dataflow.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):32008
                                                                                                                                                                                                                                Entropy (8bit):6.441398213682688
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:/8kcpwel3nliYQwALapwLQWprXzX9y/hY17WR7W9GPU4/C/7Wz7W9GRWiBI4qY/5:/8Lw8XlVoywGFMSGRdHoFCldYD9zj
                                                                                                                                                                                                                                MD5:82D37BB3493A29ABC66DCB9DF8901800
                                                                                                                                                                                                                                SHA1:35CA8AA9FCD9BB61C4D9D1D0E3C276854C51887C
                                                                                                                                                                                                                                SHA-256:725576669C560276F1631F61E3BB1F5786372149FE8719A1F75E225986933983
                                                                                                                                                                                                                                SHA-512:74FAB85A3490E912E3D123B4D27B743068F57917DEE9654A978590A8C016E17C456C3AE38E89DBD337ADDD360F4CE4CEB78CD02D84D04A8C2C5E8D6DDC8C625C
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....XC..........." ..0..J...........i... ........... ....................................`..................................i..O....................T...)..........pi............................................... ............... ..H............text....I... ...J.................. ..`.rsrc................L..............@..@.reloc...............R..............@..B.................i......H........#..lE...................h........................................(0...*..(0...*..(0...*..(0...*..z..z.*..z.*..z..z..(0...*..(0...*..z..z..z.*..z.*..z.*..z..z..z.*..z..z..(0...*..(0...*..z..z..z..z..z.*..z.*..z.*..z..z..z..z..(0...*..(0...*..z..z..z..z..z..z.*..z.*..z.*..z..z..z..z..(0...*..(0...*..z.*..z.*..z..z.*..z..z..z..z..(0...*..(0...*..z..z.*..z.*..z.*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..(0...*..z.*..z.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Threading.Tasks.Extensions.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16168
                                                                                                                                                                                                                                Entropy (8bit):6.769727575357376
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:SCVm05B091ncmJQ8fxGWSOXW5YA6VFHRN7l9WoJR9zgy:1VpM6urmFCl/R9zH
                                                                                                                                                                                                                                MD5:740A782D6B359CF77C9E7A1ADAB24F77
                                                                                                                                                                                                                                SHA1:8695E898EDFF87BA40B0D9A9C8CDB901A0C3C195
                                                                                                                                                                                                                                SHA-256:B1DC1408C74380CB9F02D9B9BB3B550770B98E27D377E60F216C4B14D602356A
                                                                                                                                                                                                                                SHA-512:31759B0AFE7EE71BE2DBC56C7273B9B125B9AC298B644ECCC60AAC7BFA1436BC72508C65D95353DCF944A49434BCE02C88D43B2A1E4253666C7F80FE741689EB
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............V+... ...@....... ....................................`..................................+..O....@..................()...`.......*..T............................................ ............... ..H............text...\.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................7+......H.......P ..0....................)......................................BSJB............v4.0.30319......l...d...#~..........#Strings............#US.........#GUID...........#Blob......................3......................................s...............1...........A.......O.................................W...........1...................p...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Threading.Tasks.Parallel.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):20264
                                                                                                                                                                                                                                Entropy (8bit):6.607774478474639
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:UZvQ1bDmvlSor+IWDR+WSYA6VFHRN7/uLDtdQ5R9zaD8:UZvQkZOyFCl/wds9z
                                                                                                                                                                                                                                MD5:3D703051F5580AE5CD67810717ECD031
                                                                                                                                                                                                                                SHA1:732A88B49BCF0A609A2906440C035E1758F669DC
                                                                                                                                                                                                                                SHA-256:3CF3F5F38E90165881CC4DC1CC5ACFBAA9A6E2DECB92E335B815CE0168A7E232
                                                                                                                                                                                                                                SHA-512:78EEE0D414F455464CAA6B56BE3CC2F7A4590A441D408F1CFEEFA91A51036B2C0409229C29590634301F5D4FE6BA2B531E98AC69C61FF1C6874B9B0408956415
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...;............." ..0..............;... ...@....... ..............................w.....`.................................x;..O....@...............&..()...`......\;............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`.......$..............@..B.................;......H........!.......................:........................................z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z.*.*..z..z..(....*..z..z..z..z.*.*..(....*..z.*..z.*..z.*BSJB............v4.0.30319......l...t...#~..........#Strings............#US.........#GUID...........#Blob...........W..........3........)...........;...........?...........................)...................-.$.....$...A.....D.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Threading.Tasks.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):17176
                                                                                                                                                                                                                                Entropy (8bit):6.623536186140361
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:laf4fk3CBFoq19k9WHazWbIX6HRN7NejA2IR9zJNml:laf4BLonjWNgU9z76
                                                                                                                                                                                                                                MD5:4B0EBBC7AB26C4FA2712DC1D7A9A430E
                                                                                                                                                                                                                                SHA1:7E4872B4C2DA8CD8C39421EECCFEDB644F7F5882
                                                                                                                                                                                                                                SHA-256:71F1B7847ED8C9DF6DB99ED7B756E4B846FEC646D8A8033C16A3945378AFC964
                                                                                                                                                                                                                                SHA-512:339EEC43B703566A3094718FF28066E2A6011C3DCBAABCB3C7079CBF466D88F91702FB6BD8342DF08046854B6AC0B37A756A4AE7AEF20FD9A2C5D63477B73674
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ...@....... ....................................`..................................-..O....@...................)...`.......,..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................-......H.......P ......................@,......................................BSJB............v4.0.30319......l.......#~......H...#Strings....X.......#US.\.......#GUID...l.......#Blob......................3................................&.................o...w.o...2.\.........].................H.....^.....-...........v.................F...................V.....V.....V...).V...1.V...9.V...A.V...I.V...Q.V...Y.V...a.V...i.V...q.V...y.V.......................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Threading.Thread.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):23344
                                                                                                                                                                                                                                Entropy (8bit):6.554472973431185
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:P5rZLYcbi82ro8vokGmKjujc/w151iWcC7WSDX6HRN74YMTR9zUOC:BrZL5i82roleB/lWFg9zC
                                                                                                                                                                                                                                MD5:0F4D3B4A86B6045C676EB3A1604B6EF0
                                                                                                                                                                                                                                SHA1:E493C09B7F12704BA5776F3A0451B09FD0EDE07C
                                                                                                                                                                                                                                SHA-256:E900B796B09466D18487FD82B428F9232E4903A94F69E70DDCF02C2C860AAC70
                                                                                                                                                                                                                                SHA-512:669269FF54628F2BE320A5BF2C37793E0D7419C74B9027A706959E1E6C9CC2683AF2095A14C81EBDF7013ACB4339DFA30106F65FFBD318503816ED07285DBABE
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Ws..........." ..0..(...........G... ...`....... ...................................`..................................G..O....`...............2..0)...........G............................................... ............... ..H............text....'... ...(.................. ..`.rsrc........`.......*..............@..@.reloc...............0..............@..B.................G......H........"...$...................G........................................(....*.0.............(.....*....................(....*..z..z..z.*.*..(....*..(....*..(....*..(....*..z.*..z.*..z.*..z..z.*..z..z..z.*..z..z..z.*..z.*..z.*.*..z..z.*.*.*.*.*...0.............(.....*...................*..z..z..z..z..z..z..z..z.*.*..z..z.*.*.*.*.*.*.*.*.*.*.*.*..z.*.*..z..z..z..z..z..z..z..z..z..z..z..z..z.*.*.*.*.*.*.*.*.*.*.*.*.*..z..(....*..z..(....*..z..(....*..(....*..(....*..(....*..(

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Threading.ThreadPool.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):18744
                                                                                                                                                                                                                                Entropy (8bit):6.627132566986495
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:WSam4x9HK92G0b/DkWEmvWD/pX6HRN7BURNuR7i1R9zORQ:7Kuq/WhWuuR7in9zP
                                                                                                                                                                                                                                MD5:F5819D15F11C340D02597531E9C801EF
                                                                                                                                                                                                                                SHA1:8E039213EB787BCBC177B7E95443ED69EEDEA10E
                                                                                                                                                                                                                                SHA-256:5135CDE9FDF09CC9B236573B8187B1C9649AE7AE451EC21C8892F15BE5B757C0
                                                                                                                                                                                                                                SHA-512:89571967F98C7C39C16D2E4D1322011514996E4F4F59AABBCFCC21644AA8E25E90D13CB533B44CC8AAC1B5CA1EB11ED41BF214559E9E66047146D2652DE563AD
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..............4... ...@....... ....................................`.................................d4..O....@............... ..8)...`......H4............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................4......H........ .. ....................3........................................(....*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..BSJB............v4.0.30319......l.......#~..@...T...#Strings............#US.........#GUID.......x...#Blob...........GU.........3........$.......$...S.......8...........................................o.H...B.H.........h.....h.y.....H.........9.......d...)...................................?.....t.w.....w.....C...W.H...

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Threading.Timer.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15672
                                                                                                                                                                                                                                Entropy (8bit):6.780056232573692
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:aeF6QoqNSEMWs1CWEX6HRN7vuc9WR9zBBGj:aUov4WvA9zbK
                                                                                                                                                                                                                                MD5:0A7251814B8BED94B4446C313D1BD7DD
                                                                                                                                                                                                                                SHA1:4BFE5154B22D587A69B1F8BB02A745A7CC0F6AFA
                                                                                                                                                                                                                                SHA-256:4A3352E5C4886501A6953E4C6448E389EA21C098A21638ED188A55C5A0C0E987
                                                                                                                                                                                                                                SHA-512:22E06FAB674F06A141C1631C483B885EBB8EC48A96C164ED69985E675CC3FEFD71E5BAAC6D29008379CD0B1C6D16928917C2BB1D58A016294C6580DBF93415A9
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...R............." ..0.............&)... ...@....... ..............................%Q....`..................................(..O....@..................8)...`.......'..T............................................ ............... ..H............text...,.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P ......................d'......................................BSJB............v4.0.30319......l.......#~......d...#Strings....|.......#US.........#GUID...........#Blob......................3..................................................3...x.3...3. ...S.....^.................I....._.................w.................G...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Threading.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):32544
                                                                                                                                                                                                                                Entropy (8bit):6.314636152627293
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:mOOOzELcY5G+NRfedsSRKNoae892r22BPFClLzxOW9zH0H:mOOOMc0G+NvNFew2r22LiLzUizUH
                                                                                                                                                                                                                                MD5:C1C303CD698D2815F75BE3C50EEDAF2B
                                                                                                                                                                                                                                SHA1:FDC6CA9E746E16B7EFB7B2CF833530F449605A22
                                                                                                                                                                                                                                SHA-256:5A51A48B375EBEB75E3C5B2041862BD5E485DB45E32B6A8FCA96E34FFACCE704
                                                                                                                                                                                                                                SHA-512:B1272BC19C22BD30CD9AA3AFF45D3FDD74F8911271F2AF282861172C31C17638648CEA025C7DAA70C7D8551BEC44BC970CA5B9F1E88C7C2528DE8E585B48987C
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...jo............" ..0..L..........Fk... ........... ..............................6P....`..................................j..O.......h............V.. )...........j............................................... ............... ..H............text...LK... ...L.................. ..`.rsrc...h............N..............@..@.reloc...............T..............@..B................(k......H.......d%...D..................Xj........................................("...*..("...*..z..z..z..z..z.*.*.*.*.*..z..z.*..z..z..(#...*..(#...*..(#...*..(#...*..(#...*..("...*..z..z..z..z.*.*.*.*.*.*..z..z..z..z.*..z..z.*..z..z..("...*..("...*..z.*..z.*.*..("...*..z.*..z..z..z..z..z..z..($...*..z..z..z.*.*.*.*..z.*..z.*.*.*..z..z..(%...*..(%...*..(%...*..(%...*..(%...*..(%...*..(%...*..z..z.*..z..z..z..z..z.*..z..z..z..("...*..("...*..z.*&...(h...*..(&...*..(&...*".(&....z..z

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Transactions.Local.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):26408
                                                                                                                                                                                                                                Entropy (8bit):6.453410255557377
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:a9sXT/pjJvxlWXof0JthAYq2M9zLNWoExWuYA6VFHRN76oJR9zgp:aoT/pjJ6XFJB1M9eLFCll9zk
                                                                                                                                                                                                                                MD5:C3AF13319A1418635CC5C61683FBFC7D
                                                                                                                                                                                                                                SHA1:287F6699AAA7B7ADC7D924529B64AA3D5923D73B
                                                                                                                                                                                                                                SHA-256:57EAD13A03C6A2A4ECFEF5997BB061526905776D04485656C4FF3FDBA215BD7A
                                                                                                                                                                                                                                SHA-512:30DF60C3DB0E039C6F53D0F318CA5B9AA4ED853B44E94644A8FB6830505ACFEB68C0105835F5673AEF78BCED7B3F7CDFE846643D184C4C5807EA2C666D2F6171
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..4...........R... ...`....... ..............................b.....`.................................XR..O....`...............>..()..........<R............................................... ............... ..H............text....2... ...4.................. ..`.rsrc........`.......6..............@..@.reloc...............<..............@..B.................R......H........"..,/...................Q........................................(,...*..(,...*..(,...*..z..z..z..z..z.*.*..(,...*.*..(#...*.*..(....*.*.*.*..z..(....*.*.*.*.*.*..(,...*..(#...*..z.*..z..z..z.*.*..z..z.*..z..z..z..z..z..z..z..z..z..z..z..z.*.*.*.*..(Q...*..(Q...*..(Q...*..(Q...*..($...*..z..(%...*..(%...*..(%...*..(%...*..(Q...*..(Q...*..(Q...*..(Q...*..(#...*..z..z..z..z..z..z..z..z..z..z..z..z.*..z.*..z.*.~....*.......*.*.*.*..z..(Q...*..(Q...*..(Q...*..(Q...*..z.*

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Transactions.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16656
                                                                                                                                                                                                                                Entropy (8bit):6.711937162453506
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:rw3RC0uWzliWkYA6VFHRN7P4EpcR9z0BHky+:03RC0xoFClP4Epw9zaHkb
                                                                                                                                                                                                                                MD5:18BA1339DDC5D2FA9B78F7AC1C18624E
                                                                                                                                                                                                                                SHA1:FEA42F32DF780D9E9B180B149BC051DCC4C2CECA
                                                                                                                                                                                                                                SHA-256:033AD774B53A4CFF5AE9AD00AD51FB44FB7E34CCE86BB88E077046BBDE82094E
                                                                                                                                                                                                                                SHA-512:692E2FB1E69480A1D3264ED6666A2F0CAB1E05CDD6EE85DAFD58BF495443094DCC5D94864A2ACA6E7525129DB4F1442C3B80B52FF2C129E06C86DE6330A10605
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..............-... ...@....... ..............................k.....`..................................-..O....@..x................)...`.......,..T............................................ ............... ..H............text........ ...................... ..`.rsrc...x....@......................@..@.reloc.......`......................@..B.................-......H.......P ......................@,......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob......................3................................$.....3.........0...........D...........o.....*.1.....1.....K.....1...i.1.....1.....1.....1...P.1...X.1.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........C.....L.....k...#.t...+.....+.....3.....;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.ValueTuple.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15648
                                                                                                                                                                                                                                Entropy (8bit):6.81235116499574
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:56yhm7Qv3Wt7VWhWqcWxNzx95jmHnhWgN7agWaNVAv+cQ0GX01k9z3Aspnkf5l:8yh93WtpGWqjX6HRN7PNbZR9zBdkfP
                                                                                                                                                                                                                                MD5:FA3ADB76CA6EB3A67A5E4B6B24338726
                                                                                                                                                                                                                                SHA1:57EA6862DB7DE23B47C34A804C0F1C10E3BC19A2
                                                                                                                                                                                                                                SHA-256:4B3C5F41F52F16E2F4EC27BE12610A8437DE61F2B4CE53E383521A74D7937F44
                                                                                                                                                                                                                                SHA-512:906624CE50242A01B84603D8100AC37C73B55821D111EB56186EB2CB41BC27945FD69DCD140DEC88FAD42C5A62E5504F72E78B0C21BFC7DF39CD3C7290D84E6A
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....i..........." ..0..............)... ...@....... ...............................2....`..................................)..O....@..h............... )...`.......(..T............................................ ............... ..H............text........ ...................... ..`.rsrc...h....@......................@..@.reloc.......`......................@..B.................)......H.......P ......................D(......................................BSJB............v4.0.30319......l...,...#~..........#Strings....d.......#US.h.......#GUID...x...|...#Blob......................3......................................E.......................z...........+.....b...Q.b.....[.....b.....b...4.b.....b.....b.....b.....b.....i...........t.....t.....t...).t...1.t...9.t...A.t...I.t...Q.t...Y.t...a.t...i.t...q.t...y.t.......................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Web.HttpUtility.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):17720
                                                                                                                                                                                                                                Entropy (8bit):6.679807967464404
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:T3a/JAXqXgKOWTLwBUCWyX6HRN7QyoJR9zg+:TKxAXqXQlWQ99zj
                                                                                                                                                                                                                                MD5:CCB130822E6DFD1D4CDE387B7CF15D7B
                                                                                                                                                                                                                                SHA1:4AE240C09C113C5FA210E81DCFD0D06C5BC567CF
                                                                                                                                                                                                                                SHA-256:684B72207FD9FE01C68E4CC2637A49B64EB66341AEA9D867A2130F7EEC071AE9
                                                                                                                                                                                                                                SHA-512:A90BC7095FA640427EF901803627CB14BDE69FAAE925552667B0541DEFBCC833B7BC3D856393E70D73F9D1F30687F39B1F8BD28A722A4AA254BFF56BCCC68C5D
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..............1... ...@....... ..............................#F....`.................................h1..O....@..................8)...`......L1............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................1......H........ .......................0........................................(....*..z.*..z.*..z..z.*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z.BSJB............v4.0.30319......l.......#~..4.......#Strings............#US.........#GUID.......@...#Blob...........G..........3................ ...H.......A.............@.................................*.....v.......b.....b...G.[.....b...,.b.....b...].b...z.b.....b.....b...............]...........O.[...C./...

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Web.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):15624
                                                                                                                                                                                                                                Entropy (8bit):6.7523247989432935
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:iZL6h2FWVvo9W8YA6VFHRN752Y2MR9zPy0:iZWhAdFCl52Q9zK0
                                                                                                                                                                                                                                MD5:0031FC0CF7730A0D2A235083C7BE48D4
                                                                                                                                                                                                                                SHA1:FC6B6BD1AE65FEF8DCAFE4FEF263F36270ADED3B
                                                                                                                                                                                                                                SHA-256:9351D54C7407694F2ABB14DE7770A85CDE97AB0E603B9B54800DD78D4D10E59A
                                                                                                                                                                                                                                SHA-512:C25AAC8EE4FC10A8E53772C5FE9804C63E116EF4A2129EDFCC0D798417F96118FC7ED510656C6507132CBE9500676EC05D0A5F6A77B76CCE068BEC7087344FA7
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....=..........." ..0..............(... ...@....... ..............................7*....`..................................(..O....@..8................)...`.......'..T............................................ ............... ..H............text........ ...................... ..`.rsrc...8....@......................@..@.reloc.......`......................@..B.................(......H.......P ......................H'......................................BSJB............v4.0.30319......l.......#~.. ...D...#Strings....d.......#US.h.......#GUID...x.......#Blob......................3............................................................>...........i.....$...........T.....j.....9....................... .....R...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.C...+.Y...3.o...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Windows.Extensions.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):19320
                                                                                                                                                                                                                                Entropy (8bit):6.393803268200896
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:BcLD+x2F7Oe7TXnBWFDRWHMQHRN7WZol65j9:mv3UEM8Oj9
                                                                                                                                                                                                                                MD5:8C52B6AF10CCADBEAA8138C362A390FC
                                                                                                                                                                                                                                SHA1:1186EB3463D799453DD37F452B2E0FE557500786
                                                                                                                                                                                                                                SHA-256:233927ADB29D5555CDEDC5D1C50085C58F415872DC6E7E2B907F90EE7A9CFE6D
                                                                                                                                                                                                                                SHA-512:F5FB0E86A547F5E7CB71F760714417BF2A0C1E941FFBB7B3EFB80835288520D9E20547916401B9DA69172A9291AC85EDAB73D7303A271FA7D18E3F158F309938
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...r............." ..0.............:=... ...@....... ..............................B.....`..................................<..O....@...............(..x#...`.......;..T............................................ ............... ..H............text...@.... ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......&..............@..B.................=......H........!......................p;........................................(....*..z..z..z..z..z..z..(....*.*.*..z..z..(....*..(....*..(....*..(....*..z..z.*..z.*..z.*..z.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*..(....*.*..z..z..z..z..z..(....*..z..z..z..z..z..z..z..z..(....*..z..z..z..z..(....*..z..z..z..z..z..z..(....*..z..z..z..z..z..z..(....*..z..z..z..z..z..z..(....*..z..z..z..z..z.*"..(....*..z.BSJB............v4.0.30319......l...d...#~..........#Strings............#US.........

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Windows.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16136
                                                                                                                                                                                                                                Entropy (8bit):6.713032229773769
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:oaHtXz5UAWElSWNYA6VFHRN75FwB2IR9zJZpA7:7xNUo5FCl3wwU9zW7
                                                                                                                                                                                                                                MD5:CF29C8C0F79AB74BB29D01A8CD114146
                                                                                                                                                                                                                                SHA1:DFFFCA8A3FB3CA3DEFD6F74DEE30D0A2C3824A70
                                                                                                                                                                                                                                SHA-256:60E61212B4413692C26885707CF656A94D9676FF416C009FECA45C13B45271AE
                                                                                                                                                                                                                                SHA-512:FE22D7A38752FF490568F9041C8FC063EAF2828B9D136446BA2F183B6433CCD1D184A4B1355B13ABF2CDE428025EE0C36D42ACBB2006539A9EFF31A166432DB7
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............*... ...@....... ..............................X.....`.................................Q*..O....@..X................)...`......t)..T............................................ ............... ..H............text........ ...................... ..`.rsrc...X....@......................@..@.reloc.......`......................@..B.................*......H.......P .......................(......................................BSJB............v4.0.30319......l...$...#~..........#Strings............#US.........#GUID...(...|...#Blob......................3......................................X.........U.............................y.....7.......k.................................u............. ...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Xml.Linq.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16152
                                                                                                                                                                                                                                Entropy (8bit):6.701189252773519
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:vc17FduW1H4W1W2yWxNzx95jmHnhWgN7acWPwy8RwX01k9z3AzBhxH9cHYNm:uWW1H4WUmX6HRN7YV9R9z6Hxu4Y
                                                                                                                                                                                                                                MD5:30E9D9AC1BBC20DF3488FA252015553E
                                                                                                                                                                                                                                SHA1:FB9419C4C85DBD5A3E2A9419AD34B4635C6CB544
                                                                                                                                                                                                                                SHA-256:79D0149A24692E7C6B2EEB854CFBF3400702ED3D6640AA471ECE856B59E269E8
                                                                                                                                                                                                                                SHA-512:22BAE9984027A91DD7AAA53E05B387C20315153C30954E6770538D85C0990C2622BD16E42CF7C70DD88BC01975A886B99D8AFFBF859C2C339ED3A18D6BCDE5EA
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....\............" ..0.............B+... ...@....... ....................................`..................................*..O....@..X................)...`.......*..T............................................ ............... ..H............text...H.... ...................... ..`.rsrc...X....@......................@..@.reloc.......`......................@..B................#+......H.......P ..@....................)......................................BSJB............v4.0.30319......l...$...#~..........#Strings....@.......#US.D.......#GUID...T.......#Blob......................3................................................L.............................p.@.....@.....,.....@.....@.....@.....@.....@...l.@.....@.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........:.....C.....b...#.k...+.....+.....3.....;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Xml.ReaderWriter.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):115976
                                                                                                                                                                                                                                Entropy (8bit):6.2584144747234935
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:D44usuAF7jUHQRtS1ccQsvoALvYC525BmC/aIV:UAFHUHQRJczoALvr52da8
                                                                                                                                                                                                                                MD5:35DF10CCC91B5572AF9994783C73301E
                                                                                                                                                                                                                                SHA1:73A47126B8AD49F0EF1520E193450AC288DB6EEC
                                                                                                                                                                                                                                SHA-256:51F56352CC6F26B875DB72B06B5F56ECD5751813995E78190CB3EBB4E4EDDA5B
                                                                                                                                                                                                                                SHA-512:20306A31D42DC5F11F3082F164A9AC0E535B9B9A19B1DF703851BA07ECE0DA301A33606042C3389DECC2B610E96C82271CA65C0846953BBFD544D5DB92F17CA1
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0................. ........... ...............................Y....`.....................................O........................)..........t................................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H........7...x............................................................(q...*..z..z..z..z..(v...*..z.*.*..z..z..z..z..z..z..z..z.*..z..z..z.*..z..z..z..z..z..z..z.*.*..(\...*..z..z..z..z..z..z..z.*..z..z..z..z.*..z..z.*&...(B...*..z..z..z..z..z..z.*.*..(Y...*..z.*..z.*..z..z.*.*.*.*.*..z&...(B...*..z..z..z..z.*.*..(1...*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Xml.Serialization.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16680
                                                                                                                                                                                                                                Entropy (8bit):6.632838369230027
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:ZIhLW7MIEqHWJYA6VFHRN7cNviCksR9zcm:ZIhkbEqSFClWio9z3
                                                                                                                                                                                                                                MD5:14A3984EA8B856B26EF616F614D5350C
                                                                                                                                                                                                                                SHA1:CDD8701E19708B6916F3336BCA9B5D60777EB41D
                                                                                                                                                                                                                                SHA-256:C9C61183DF3FB4E23A0D98D3A1464352D84BBF80DBF05B5F2DFD5FB8186CA4E1
                                                                                                                                                                                                                                SHA-512:B99B727D1D0FCF453F6F1631C46D817A828B02A8E3D231A772E18433BA0133D0EED747C5E6563A9FC7CDBB75183C986F10DAA639AC8DF230DAE68AEA1A09A214
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....6"..........." ..0.............R,... ...@....... ....................................`..................................+..O....@..................()...`.......+..T............................................ ............... ..H............text...X.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................1,......H.......P ..<....................*......................................BSJB............v4.0.30319......l...4...#~..........#Strings....4.......#US.8.......#GUID...H.......#Blob......................3......................................".....................X.................*._....._...B.?....._...'._...Y._....._...3._....._...l._.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........:.....C.....b...#.k...+.....+.....3.....;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Xml.XDocument.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):34584
                                                                                                                                                                                                                                Entropy (8bit):6.319985145295804
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:AMsq+IWoClGDrbI0RCm1k3v11GH111a1wWv111w1u43BGm3cqFMmekMobCj57aMa:AMsXoWUGNAcq6mG7dnh1HZfWMe9zHx
                                                                                                                                                                                                                                MD5:6B9F2B5AFF528AB7E1D470A6B6D160A2
                                                                                                                                                                                                                                SHA1:81B37E02A5C16E87F0301E1896FD76FAA2543465
                                                                                                                                                                                                                                SHA-256:3DF9901D6F010470821EB3A866AE1A41D33F87178BFDF7211AAA98B15BCFC43F
                                                                                                                                                                                                                                SHA-512:4DAF03339E0BBC5AE0313547809FB976D08AE265727D776C0455416667EA2E2043F04F356E188297CCAF1AD7B1412F09E4DDD92F527327A15E971AA7FA46C3BF
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....[............" ..0..T...........r... ........... ..............................\d....`.................................<r..O....................^...).......... r............................................... ............... ..H............text....R... ...T.................. ..`.rsrc................V..............@..@.reloc...............\..............@..B................pr......H........$...L...................q........................................z..z.*.*.*.*.*.*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z.*.*..(4...*..(4...*..z..z..z..z..z..z..z.*..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z..z.*.*..z"..(c...*"..(c...*..z.*..z..(....*..(....*..z..z.*.*..z..(....*..z..z.*.*.*.*..z..z..z..z..z..z..z..z.*.*.*..((...*..((...*..z.*..z.*..z.*..z..(M...*..(M...*..(M...*..(M...*..z.*..z..z..z..z..z..z..z..z..z..z..z..z..z

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Xml.XPath.XDocument.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16664
                                                                                                                                                                                                                                Entropy (8bit):6.7236933831340195
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:ovMSh1h3jW0heW9AX6HRN7fVXC4deR9zVj7AE:4h3t2WfVXC4dC9zVjX
                                                                                                                                                                                                                                MD5:90A6B6E6A6FACE3110E4A7EBA429960E
                                                                                                                                                                                                                                SHA1:6C00196C59AFE3E485E381FF219C0C256D04BE9C
                                                                                                                                                                                                                                SHA-256:F1509A784AF3C70274F12B37F9BE0C7BC4B05E0E3F628532B7E4C40B1B23B0D7
                                                                                                                                                                                                                                SHA-512:810B20D5268439C2FA6CF8511DAD4AFE65C09D98B2CCFBEC17E615A86A9A3DC6FDB461D03F28B3844D7170E30120E166B5DB6D383E38036C1C110EAE6704E11B
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...U............." ..0..............,... ...@....... ....................................`..................................,..O....@...................)...`......h,............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................,......H.......l ..|....................+........................................z..z..z..z..z..z..z..z..z.BSJB............v4.0.30319......l.......#~..D...@...#Strings............#US.........#GUID...........#Blob...........G..........3............................(.........................................................../...........v...........f...........Y...........3.......................J.......................m.....3.....>.....>.................U.........................Y.....

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Xml.XPath.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):17192
                                                                                                                                                                                                                                Entropy (8bit):6.7133372288942725
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:JQD15binpIrf4DWB2vWyYA6VFHRN7VaoJR9zg/n:JQx5qII5FClVF9z6
                                                                                                                                                                                                                                MD5:821151D8A2A5A3645543B10A41925A06
                                                                                                                                                                                                                                SHA1:86B5F71E6ED53A0013FB618283EA854AC3A8CA7F
                                                                                                                                                                                                                                SHA-256:8949C9785EB83A1B44FCC0F0D1C19F02EF58599E3C0A73EFF3D8062A3DDB6C28
                                                                                                                                                                                                                                SHA-512:56B408402805D0D42A1A67B4D57E7C794EABAC893491642E4EA933DBB827A541325300D306B449C863B3FDBF09A9C4E6F6E96DDC69984847B5C543B308275D66
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...oY............" ..0............../... ...@....... ..............................].....`.................................</..O....@..h...............()...`...... /............................................... ............... ..H............text........ ...................... ..`.rsrc...h....@......................@..@.reloc.......`......................@..B................p/......H........ ................................................................(....*..(....*..(....*..(....*..(....*..(....*..z..(....*..(....*..(....*..(....*..z.*BSJB............v4.0.30319......l.......#~.. ...$...#Strings....D.......#US.H.......#GUID...X.......#Blob...........G..........3........#....................... .............................4.................................9.......................<.l.........!...........R.....o.............................R...........

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Xml.XmlDocument.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16152
                                                                                                                                                                                                                                Entropy (8bit):6.767329523656509
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:DTdo1x3iWe7sWo6X6HRN7lVXC4deR9zVj7uS:Xdo1sBWlVXC4dC9zVjr
                                                                                                                                                                                                                                MD5:123A240246001C458E14CA32D40D56EC
                                                                                                                                                                                                                                SHA1:473A3DF6DF0269BC824B6B90217CFA2141AF59C1
                                                                                                                                                                                                                                SHA-256:BAE0097F29C72DC7095DB06156D11BE9949C28CD8FFE5605851FFA8308B443BA
                                                                                                                                                                                                                                SHA-512:58AB7B7F06BC0A418B77DCBE8ABDC66850791B3D0AC4EB3819EA717B5B151B167B7CEE7ECDBDB86E66A1EF073B7E877ADB0C70F3B973E712DCB637BC504D0916
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....c............" ..0..............+... ...@....... ..............................;n....`.................................E+..O....@...................)...`......X*..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................y+......H.......P .......................)......................................BSJB............v4.0.30319......l.......#~..8.......#Strings............#US.........#GUID...........#Blob......................3................................................P.................<...........g.~...2.~.....1.....~.....~.....~.....~.....~...p.~.....~.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Xml.XmlSerializer.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):50984
                                                                                                                                                                                                                                Entropy (8bit):6.223017970599879
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:/XgUGzVlGfb5KEAKJ4dSSmSafeOi29zDKM:/XavROjyM
                                                                                                                                                                                                                                MD5:0CECCA19D95AA6245E98DEB0E88E6182
                                                                                                                                                                                                                                SHA1:96C3878C8A30F036F84C45D4DD668884EC6E9A3E
                                                                                                                                                                                                                                SHA-256:0B771B4A5F5E415534A4C1EC0D8C2047BC86BF8C617A22265FE87AC89B4CDF8A
                                                                                                                                                                                                                                SHA-512:0D31CED69959C9F73DAE4CD1781EB19B38FC2EC239BAF607D6E00F8AAAE0B66FA902DC4FC0749807294D36C48268BE15FF51BCBAD9B2D0EF1CDC7AB5B227C31B
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............&.... ........... ..............................}.....`....................................O.......................()........................................................... ............... ..H............text...,.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........(..8...................8.........................................("...*..z..z..z..("...*..("...*..z.*.*.*..z.*..z..z..z.*.*..z..("...*..z..z..z..("...*..(#...*..(#...*..z.*..z.*..z.*..("...*..z..z.*.*..("...*..("...*..z.*..z.*..z.*..z.*..z.*..z.*..(#...*..(#...*..z.*..z.*..z.*..(#...*..(#...*..z.*..(#...*..(#...*..z.*..("...*..("...*..("...*..("...*..z..z..z..z..z..z.*.*..("...*..z.*..z.*..(#...*..(#...*..(#...*..z.*..z.*..z.*..($...*..z..z..(%...*..z.*..z..z.*..z.*.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.Xml.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):23848
                                                                                                                                                                                                                                Entropy (8bit):6.279851716286934
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:x5FIeq5ufyw8bcB8yGOk2Y0WKvjsWLYA6VFHRN7RQXu0R9zI+SI:x5FIeWv2dNFClRGu49zp
                                                                                                                                                                                                                                MD5:70B07221E2FF122EDC83D1CE7878F071
                                                                                                                                                                                                                                SHA1:10DC2947E778C5D3279251214FFC4D6F537AAFBA
                                                                                                                                                                                                                                SHA-256:C55AFCA244EA174CD7D26B81342B831D61D15F3D80EEE9406168F136CBCDD5B6
                                                                                                                                                                                                                                SHA-512:DB0114AEA937A0443595C1CCF577D540FAEDCB632C0475B1C3CA26A5076CEFADF916196DE0CCB924A657428E77FE892748AE22D495668445B4E113C98B89EA85
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..*...........I... ...`....... ....................................`..................................H..O....`..8............4..()...........H..T............................................ ............... ..H............text...4)... ...*.................. ..`.rsrc...8....`.......,..............@..@.reloc...............2..............@..B.................I......H.......P ..4'...................G......................................BSJB............v4.0.30319......l...x...#~......X...#Strings....<%......#US.@%......#GUID...P%......#Blob......................3..................................................................S.....:.y...<.....O...................................................................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........:.....C.....b...#.k...+.....+.....3.....;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\System.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):49952
                                                                                                                                                                                                                                Entropy (8bit):5.733794313432298
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:02/oXs5bjxVei5URre5OVb1n02zq1TttHqtKAW3ivF9z6I:p/oq/ei5QjzCDmHWwzP
                                                                                                                                                                                                                                MD5:176DC04EE3F72D17FB8ECFA3F1F1386C
                                                                                                                                                                                                                                SHA1:B9776AC120CB4E12C3A4787BBE4DEA3450EBEC56
                                                                                                                                                                                                                                SHA-256:C19FCABCC23ACEF6F6C0A442B46EAB8B65F069E2A6D2EE160C4F18A7A7CEE93E
                                                                                                                                                                                                                                SHA-512:EDCF84814E83116E1927203E601B3E7DC3A208EB3944FDB7FC7DBE751F5D054EBC873230E9CA5A76D2FF77DFF956DD3A26410A4C2B0F954A9DCBA88960D780BE
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...?.G..........." ..0................. ........... ..............................o.....`.................................x...O....................... )..........\................................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......P .............................................................BSJB............v4.0.30319......l....9..#~..L:..HQ..#Strings............#US.........#GUID...........#Blob......................3............................/.........d............<..a..<....R<...<.............<..... ..A.. ..>.#...... ..#.. ..... ..... ..... ..... .._.. .................:.....:.....:..)..:..1..:..9..:..A..:..I..:..Q..:..Y..:..a..:..i..:..q..:..y..:.....:......L.....U.....t...#.}...+.....3.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\WindowsBase.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16664
                                                                                                                                                                                                                                Entropy (8bit):6.726952486721783
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:6asFWQClWVrcW+ZX6HRN70oFr9R9z6HrUv:NCn8W0oFD9z6LUv
                                                                                                                                                                                                                                MD5:AF65B24620A1E57D5AF9C71EE3AD9587
                                                                                                                                                                                                                                SHA1:32E842B3D79AF9B8076F807481A8FE37E5537037
                                                                                                                                                                                                                                SHA-256:54123FC5B700ACA49B87F05A94C42D65F094EEB4EF450CD51FCEB73DB303FAB4
                                                                                                                                                                                                                                SHA-512:CEE9E50631869F2D0976217BAE8A3CE78DFF933EC62A4D2D148C72631EC37746160D64EAA959246A5E2A4FF9AFA0186171EDA5972D3AA3A732ACF1F1CCE00A13
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...V1*..........." ..0..............-... ...@....... ...................................`.................................O-..O....@..8................)...`......x,..T............................................ ............... ..H............text........ ...................... ..`.rsrc...8....@......................@..@.reloc.......`......................@..B.................-......H.......P .......................+......................................BSJB............v4.0.30319......l...p...#~......8...#Strings............#US.........#GUID...(.......#Blob......................3................................................................................r.....r...Q.(...g.r...6.r.....r.../.r...L.r.....r.....r..... ...........u.....u.....u...).u...1.u...9.u...A.u...I.u...Q.u...Y.u...a.u...i.u...q.u...y.u.......................#.....+.C...+.Y...3.o...;.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\mscorlib.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):56104
                                                                                                                                                                                                                                Entropy (8bit):5.652325917213062
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:bFtE8TxE5W4Hhgel01Q7Y5MG2zeFClR8R9zf:bFK+E5W4Bgeq1v5Iz6iOzf
                                                                                                                                                                                                                                MD5:8638F976EF5A040F14D51A6540DA8C63
                                                                                                                                                                                                                                SHA1:F8009BFCAE42606A5A7E35CD9DF7EEFBC04F9B44
                                                                                                                                                                                                                                SHA-256:D3C82AF7A042B7DF639F4BFD82D55BA46B7B01A2E87C82B0F8B967D0EB53BE9B
                                                                                                                                                                                                                                SHA-512:F3ED1A6E4A6B560B85034275BD942E2218815B5D7044F6F57138634A4EF1EA3A95A83C40C6D31F33BB39A625417D011D441F6A0916320BFE186F0CC44639C8E1
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...%JA..........." ..0.................. ........... ....................... ............`.................................<...O.......(...............().......... ................................................ ............... ..H............text........ ...................... ..`.rsrc...(...........................@..@.reloc..............................@..B................p.......H.......P ..P...........................................................BSJB............v4.0.30319......l....H..#~..LI...Z..#Strings....`.......#US.d.......#GUID...t.......#Blob......................3............................"..........*........0!.I...$.I..a.MI...J.......'..Y$.I...../... ./...".+...$./..."./...../...../...../..9"./...../....(............H.....H.....H..)..H..1..H..9..H..A..H..I..H..Q..H..Y..H..a..H..i..H..q..H..y..H.....H......C.....L.....k...#.t...+.....3.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\refs\netstandard.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):101160
                                                                                                                                                                                                                                Entropy (8bit):5.502135579975956
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:bYsYXj0p2NYq5V4bgDHsPdIpuSE5L3Ukcz9wnXiKdkz:MMkYe4bgDUAxCnXI
                                                                                                                                                                                                                                MD5:937A6DCE409FE67D60722137A5E860EC
                                                                                                                                                                                                                                SHA1:9DC0849E2164D7B25F7F0F6DC3B9600EC431E914
                                                                                                                                                                                                                                SHA-256:F56C741CC18D17CB031A9CDEB3DE3C4662CF80CB65F434DCA5DF328AC682C5C1
                                                                                                                                                                                                                                SHA-512:B5379A528CDCB6F55A85002D89FCA19B2C2BC9461647E3B81791D63E8F2E0227B22427CB2A60393F3A6FC9B1E407E23E2B22AF93C378A16D83B232CA2DE74D79
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....}............" ..0..X...........v... ........... ....................................`.................................?v..O.......8............b..()..........hu..T............................................ ............... ..H............text....V... ...X.................. ..`.rsrc...8............Z..............@..@.reloc...............`..............@..B................sv......H.......P ...T...................t......................................BSJB............v4.0.30319......l...`...#~..... ...#Strings.....Q......#US..Q......#GUID....R......#Blob......................3............................P...,......H.........5....:....'...m......,.@..5#.T..P4.T...7.J...B....i5....u:.T..n7.T..&1.T.....T.../.T..(7.T...(.T.............................)....1....9....A....Q.. .Y....a....i....q....y..........................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\.net\iTVsz8WAu4\169c\sni.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):160040
                                                                                                                                                                                                                                Entropy (8bit):6.333962640370861
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:zGaHqhU3X+sWqpyojzXVgO/U9SS2PCKPZteYlbLUrHeUJcJnWMROkIvNHc:znHSK+svytSS2PzbeYlbLk0n+Hc
                                                                                                                                                                                                                                MD5:7F1799B65B98450A19E4D049E9D3E70D
                                                                                                                                                                                                                                SHA1:EC80C5A33374423A9E986C383A36A97DA70A3584
                                                                                                                                                                                                                                SHA-256:68705C4EF9AB818F2956A78E05F3FEFCE501A1448793B073B46110BEB49B47D6
                                                                                                                                                                                                                                SHA-512:8D67297C5CDED487C88FCAAD5A36E80926DAD8F1863E38F397751056F51258AC7B5A9E5C09C01BBA7A224F38FB2EE719586FAF0BA81516E05A19649EB09E7B78
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...0..0..0.....0..3..0..5..0..4..0.M ...0..1.+.0...9..0...0..0......0...2..0.Rich..0.................PE..d....hfY.........." .................K...................................................`A............................................X...X........................2..(?......(.......T............................................................................text............................... ..`.rdata..D...........................@..@.data....S...0......................@....pdata..............................@..@.rsrc................(..............@..@.reloc..(...........................@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\mso453C.tmp

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                                                                                                                File Type:GIF image data, version 89a, 15 x 15
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):663
                                                                                                                                                                                                                                Entropy (8bit):5.949125862393289
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:12:PlrojAxh4bxdtT/CS3wkxWHMGBJg8E8gKVYQezuYEecp:trPsTTaWKbBCgVqSF
                                                                                                                                                                                                                                MD5:ED3C1C40B68BA4F40DB15529D5443DEC
                                                                                                                                                                                                                                SHA1:831AF99BB64A04617E0A42EA898756F9E0E0BCCA
                                                                                                                                                                                                                                SHA-256:039FE79B74E6D3D561E32D4AF570E6CA70DB6BB3718395BE2BF278B9E601279A
                                                                                                                                                                                                                                SHA-512:C7B765B9AFBB9810B6674DBC5C5064ED96A2682E78D5DFFAB384D81EDBC77D01E0004F230D4207F2B7D89CEE9008D79D5FBADC5CB486DA4BC43293B7AA878041
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:GIF89a....w..!..MSOFFICE9.0.....sRGB......!..MSOFFICE9.0.....msOPMSOFFICE9.0Dn&P3.!..MSOFFICE9.0.....cmPPJCmp0712.........!.......,....................'..;..b...RQ.xx..................,+................................yy..;..b.........................qp.bb..........uv.ZZ.LL.......xw.jj.NN.A@....zz.mm.^_.........yw........yx.xw.RR.,*.++............................................................................................................................................................................................................8....>.......................4567...=..../0123.....<9:.()*+,-.B.@...."#$%&'....... !............C.?....A;<...HT(..;

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmpkuxmb2.tmp

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):40960
                                                                                                                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-shm

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                                                                Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\Documents\Your_Benefits_and_Role.docx

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                File Type:Microsoft Word 2007+
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):16036
                                                                                                                                                                                                                                Entropy (8bit):7.395550738995465
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:djbGP/uGWZmqibNxt/ZtNNjpVjan+hjregKELqJJJYc:1bGP/uJZ7iBxllNjpVjFFLC
                                                                                                                                                                                                                                MD5:8D226F80DA462D88E080C6BD6857550C
                                                                                                                                                                                                                                SHA1:8F543B99D70FFED51B1BF9C6C33791592AAD04FF
                                                                                                                                                                                                                                SHA-256:0AD7054EDB3D096B1D771D9E1FE393B98E11D2320124A1BEF51FFF9704D834E7
                                                                                                                                                                                                                                SHA-512:F3CF47989D2BF28F30F7D9867396DF8F270821C6CE298C81A226E943E4E37D194642EA1A192D77FDE9C316B417C4B082B91130A9965C6271B829EA02F895BDC0
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:PK..........!.2.oWf...........[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j.0.E......J.(....e.h...4ND.B.....81.$14.. ..{..1...l...w%..=...^i7+...-.d.&.0.A.6.l4...L6.0#...S.O.....X...*..V$:...B~....^.K......../P..I..~7$....i..J&B0Z.Du.t.OJ.K(H.....xG...L.+..v......dc.....W>*..\XR..m.p....Z}.....HwnM.V..n....-..")/..ZwB`.....4........s.DX...j...;A*.....c......4....[.S..9.> ......{.V.4p....W.&....A......|.d.?.......PK..........!.........N......._rels/.rels ...(...........................

                                                                                                                                                                                                                                C:\Users\user\Documents\~$ur_Benefits_and_Role.docx

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):162
                                                                                                                                                                                                                                Entropy (8bit):4.676209416438157
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3:MCGGhQsw1hRUDxodsYEyn/gM2lYf94/I:MDbyDxDD0/TbGQ
                                                                                                                                                                                                                                MD5:BAA4E7072C43BA2BE765B4F3E002E909
                                                                                                                                                                                                                                SHA1:A9F8806CBD466EA6986E1A3F69010FFE8B661D0B
                                                                                                                                                                                                                                SHA-256:1A3BBA61F570BF053539EBA2A2D0C3AF664ACA5B7AF1F465A55F600CD9D4D267
                                                                                                                                                                                                                                SHA-512:ACB906940CCD2D5450BA1D737751C22F32E02ECED27FC0606BB1EF46A998DE219BD244D35A86686EA651CDCCB06785A631363C174AFFFA445097598FCDBEACC1
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:............................................................R..P....G...'..Q*........1..1.5...t9".q...H.NXg.@R...G.~..&.a.I.,q..f......=B.e...}.j.....W...=sj

                                                                                                                                                                                                                                Static File Info

                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                Entropy (8bit):7.798476781458859
                                                                                                                                                                                                                                TrID:
                                                                                                                                                                                                                                • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                                                • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                File name:iTVsz8WAu4.exe
                                                                                                                                                                                                                                File size:43'526'138 bytes
                                                                                                                                                                                                                                MD5:d6b0f6b6e4687d0d33f9c4523219a1a9
                                                                                                                                                                                                                                SHA1:fa1864dac95ecfcfa21dd62a7a8de5ebec7cc339
                                                                                                                                                                                                                                SHA256:ff542214469620d4b284472dae80e77d50f0b6a1f3da3c2b0922243a8796ae26
                                                                                                                                                                                                                                SHA512:ca5eaa1fb2a1b0113ff4a320059961561fb25d6ca4b6fd4b24f0754cd9f7d9b402fb4285f1cb471a19cdbd435dc0f21596a4af577b24e1be59eb077c862b5b6d
                                                                                                                                                                                                                                SSDEEP:786432:bbn8v283oyUNmx4osm5GYHAFLGTLAkaQtEhfdzLIlAeWpTwb:bb8vf35omWMZALqbShlIlhEwb
                                                                                                                                                                                                                                TLSH:9E971256E2F900D8D5BAC0B8C6575627E7B13855133097EB72A89A692F33FE06E3D310
                                                                                                                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Y..N8.DN8.DN8.DG@vDX8.D...EZ8.D...E\8.D...E.8.D>..EF8.D>..EC8.DN8.DF:.D]..E[8.D]..E.:.D]..EO8.D]..DO8.D]..EO8.DRichN8.D.......

                                                                                                                                                                                                                                File Icon

                                                                                                                                                                                                                                Icon Hash:6796a6a5a3aba4b3

                                                                                                                                                                                                                                Static PE Info

                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                Entrypoint:0x1405cfe90
                                                                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                                                                Digitally signed:false
                                                                                                                                                                                                                                Imagebase:0x140000000
                                                                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                Time Stamp:0x67115F21 [Thu Oct 17 19:01:53 2024 UTC]
                                                                                                                                                                                                                                TLS Callbacks:0x405cf310, 0x1, 0x405cfad0, 0x1
                                                                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                                                                OS Version Major:6
                                                                                                                                                                                                                                OS Version Minor:0
                                                                                                                                                                                                                                File Version Major:6
                                                                                                                                                                                                                                File Version Minor:0
                                                                                                                                                                                                                                Subsystem Version Major:6
                                                                                                                                                                                                                                Subsystem Version Minor:0
                                                                                                                                                                                                                                Import Hash:4b1892ce4fbcfcf064c6f69d693fc6a5

                                                                                                                                                                                                                                Entrypoint Preview

                                                                                                                                                                                                                                Instruction
                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                sub esp, 28h
                                                                                                                                                                                                                                call 00007F60508231F8h
                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                add esp, 28h
                                                                                                                                                                                                                                jmp 00007F6050822B3Fh
                                                                                                                                                                                                                                int3
                                                                                                                                                                                                                                int3
                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                sub esp, 28h
                                                                                                                                                                                                                                call 00007F60505116D8h
                                                                                                                                                                                                                                jmp 00007F6050822CD4h
                                                                                                                                                                                                                                xor eax, eax
                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                add esp, 28h
                                                                                                                                                                                                                                ret
                                                                                                                                                                                                                                int3
                                                                                                                                                                                                                                int3
                                                                                                                                                                                                                                jmp 00007F6050822CBCh
                                                                                                                                                                                                                                int3
                                                                                                                                                                                                                                int3
                                                                                                                                                                                                                                int3
                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                mov dword ptr [esp+10h], ebx
                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                mov dword ptr [esp+18h], esi
                                                                                                                                                                                                                                push ebp
                                                                                                                                                                                                                                push edi
                                                                                                                                                                                                                                inc ecx
                                                                                                                                                                                                                                push esi
                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                mov ebp, esp
                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                sub esp, 10h
                                                                                                                                                                                                                                xor eax, eax
                                                                                                                                                                                                                                xor ecx, ecx
                                                                                                                                                                                                                                cpuid
                                                                                                                                                                                                                                inc esp
                                                                                                                                                                                                                                mov eax, ecx
                                                                                                                                                                                                                                inc esp
                                                                                                                                                                                                                                mov edx, edx
                                                                                                                                                                                                                                inc ecx
                                                                                                                                                                                                                                xor edx, 49656E69h
                                                                                                                                                                                                                                inc ecx
                                                                                                                                                                                                                                xor eax, 6C65746Eh
                                                                                                                                                                                                                                inc esp
                                                                                                                                                                                                                                mov ecx, ebx
                                                                                                                                                                                                                                inc esp
                                                                                                                                                                                                                                mov esi, eax
                                                                                                                                                                                                                                xor ecx, ecx
                                                                                                                                                                                                                                mov eax, 00000001h
                                                                                                                                                                                                                                cpuid
                                                                                                                                                                                                                                inc ebp
                                                                                                                                                                                                                                or edx, eax
                                                                                                                                                                                                                                mov dword ptr [ebp-10h], eax
                                                                                                                                                                                                                                inc ecx
                                                                                                                                                                                                                                xor ecx, 756E6547h
                                                                                                                                                                                                                                mov dword ptr [ebp-0Ch], ebx
                                                                                                                                                                                                                                inc ebp
                                                                                                                                                                                                                                or edx, ecx
                                                                                                                                                                                                                                mov dword ptr [ebp-08h], ecx
                                                                                                                                                                                                                                mov edi, ecx
                                                                                                                                                                                                                                mov dword ptr [ebp-04h], edx
                                                                                                                                                                                                                                jne 00007F6050822D2Dh
                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                or dword ptr [001CA17Dh], FFFFFFFFh
                                                                                                                                                                                                                                and eax, 0FFF3FF0h
                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                mov dword ptr [001CA165h], 00008000h
                                                                                                                                                                                                                                cmp eax, 000106C0h
                                                                                                                                                                                                                                je 00007F6050822CFAh
                                                                                                                                                                                                                                cmp eax, 00020660h
                                                                                                                                                                                                                                je 00007F6050822CF3h
                                                                                                                                                                                                                                cmp eax, 00020670h
                                                                                                                                                                                                                                je 00007F6050822CECh
                                                                                                                                                                                                                                add eax, FFFCF9B0h
                                                                                                                                                                                                                                cmp eax, 20h
                                                                                                                                                                                                                                jnbe 00007F6050822CF6h
                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                mov ecx, 00010001h

                                                                                                                                                                                                                                Rich Headers

                                                                                                                                                                                                                                Programming Language:
                                                                                                                                                                                                                                • [IMP] VS2008 SP1 build 30729

                                                                                                                                                                                                                                Data Directories

                                                                                                                                                                                                                                NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x7966f00xc4.rdata
                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IMPORT0x7967b40x168.rdata
                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x8070000x1508ac.rsrc
                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x7ba0000x360fc.pdata
                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x9580000x7e2c.reloc
                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x70a6b00x54.rdata
                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_TLS0x70a8800x28.rdata
                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x6245400x140.rdata
                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IAT0x61d0000xec8.rdata
                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x7964a40x60.rdata
                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                                Sections

                                                                                                                                                                                                                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                                .text0x10000x61a71c0x61a8000b10188502e90294dafc4ec1ab7c7e1aunknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                .CLR_UEF0x61c0000xdd0x2003e60305f40e8c29615347b62e95ffa2cFalse0.4140625zlib compressed data3.093020747643803IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                .rdata0x61d0000x17c5e20x17c600ccea3fd4e581a51a1f647847625a49adFalse0.4178410234554716data5.662369206074474IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                .data0x79a0000x1ffc40x9800a54d166e1b6f79748b9287f2f558005cFalse0.19772820723684212data3.3332419864196208IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                .pdata0x7ba0000x360fc0x36200fd626080e4e3733af1f84cb0f28f455dFalse0.5045602987875288data6.505480901328782IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                .didat0x7f10000x380x200910157a66b34b7706f92927705a37f5aFalse0.064453125data0.42449845906755646IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                Section0x7f20000x80x200bf619eac0cdf3f68d496ea9344137e8bFalse0.02734375data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                _RDATA0x7f30000x132080x13400617430a8cd708dda1865fee2910d8a1aFalse0.18454494724025974data5.4827244286074395IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                .rsrc0x8070000x1508ac0x150a0055a626d59e407c1655759475c296ba58False0.4215935991459339data6.314235735199117IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                .reloc0x9580000x7e2c0x8000dca4e44fa2a43d7401fa4c38300ecb87False0.155853271484375data5.445611795477199IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                                                Resources

                                                                                                                                                                                                                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                                RT_ICON0x8072000x94a8Device independent bitmap graphic, 96 x 192 x 32, image size 380160.019865461425268027
                                                                                                                                                                                                                                RT_RCDATA0x8106a80x24data1.1666666666666667
                                                                                                                                                                                                                                RT_RCDATA0x8106cc0x24data1.1666666666666667
                                                                                                                                                                                                                                RT_RCDATA0x8106f00x146c10PE32+ executable (DLL) (GUI) x86-64, for MS Windows0.4392890930175781
                                                                                                                                                                                                                                RT_GROUP_ICON0x9573000x14data1.15
                                                                                                                                                                                                                                RT_VERSION0x9573140x33cdata0.4323671497584541
                                                                                                                                                                                                                                RT_MANIFEST0x9576500x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                                                                                                                                                                                Imports

                                                                                                                                                                                                                                DLLImport
                                                                                                                                                                                                                                KERNEL32.dllRaiseException, FreeLibrary, SetErrorMode, RaiseFailFastException, GetExitCodeProcess, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, AddVectoredExceptionHandler, MultiByteToWideChar, GetTickCount, FlushInstructionCache, QueryPerformanceFrequency, QueryPerformanceCounter, RtlLookupFunctionEntry, LocateXStateFeature, RtlDeleteFunctionTable, InterlockedPushEntrySList, InterlockedFlushSList, InitializeSListHead, GetTickCount64, DuplicateHandle, QueueUserAPC, WaitForSingleObjectEx, SetThreadPriority, GetThreadPriority, GetCurrentThreadId, TlsAlloc, GetCurrentThread, GetCurrentProcessId, CreateThread, GetModuleHandleW, WaitForMultipleObjectsEx, SignalObjectAndWait, RtlCaptureContext, SetThreadStackGuarantee, VirtualQuery, WriteFile, GetStdHandle, GetConsoleOutputCP, MapViewOfFileEx, UnmapViewOfFile, GetStringTypeExW, InterlockedPopEntrySList, ExitProcess, Sleep, CreateMemoryResourceNotification, VirtualAlloc, VirtualFree, VirtualProtect, SleepEx, SwitchToThread, SuspendThread, ResumeThread, InitializeContext, SetXStateFeaturesMask, RtlRestoreContext, CloseThreadpoolTimer, CreateThreadpoolTimer, SetThreadpoolTimer, ReadFile, GetFileSize, GetEnvironmentVariableW, SetEnvironmentVariableW, CreateEventW, SetEvent, ResetEvent, GetThreadContext, SetThreadContext, GetEnabledXStateFeatures, CopyContext, WerRegisterRuntimeExceptionModule, RtlInstallFunctionTableCallback, GetSystemDefaultLCID, GetUserDefaultLCID, RtlUnwind, HeapAlloc, HeapFree, GetProcessHeap, HeapCreate, HeapDestroy, GetEnvironmentStringsW, FreeEnvironmentStringsW, FormatMessageW, CreateSemaphoreExW, ReleaseSemaphore, GetACP, LCMapStringEx, LocalFree, VerSetConditionMask, VerifyVersionInfoW, QueryThreadCycleTime, GetLogicalProcessorInformationEx, SetThreadGroupAffinity, GetThreadGroupAffinity, GetProcessGroupAffinity, GetCurrentProcessorNumberEx, GetProcessAffinityMask, QueryInformationJobObject, CloseHandle, GetSystemTimeAsFileTime, GetModuleFileNameW, CreateProcessW, GetCPInfo, LoadLibraryExW, CreateFileW, GetFileAttributesExW, GetFullPathNameW, LoadLibraryExA, OutputDebugStringA, OpenEventW, ReleaseMutex, ExitThread, CreateMutexW, HeapReAlloc, CreateNamedPipeA, WaitForMultipleObjects, DisconnectNamedPipe, CreateFileA, CancelIoEx, GetOverlappedResult, ConnectNamedPipe, FlushFileBuffers, SetFilePointer, MapViewOfFile, GetActiveProcessorGroupCount, GetSystemTime, SetConsoleCtrlHandler, GetLocaleInfoEx, GetUserDefaultLocaleName, RtlAddFunctionTable, LoadLibraryW, CreateDirectoryW, RemoveDirectoryW, CreateActCtxW, ActivateActCtx, FindResourceW, GetWindowsDirectoryW, GetFileSizeEx, FindFirstFileExW, FindNextFileW, GetTempPathW, FindClose, LoadLibraryA, GetCurrentDirectoryW, IsWow64Process, EncodePointer, DecodePointer, CreateFileMappingA, TlsSetValue, TlsGetValue, GetSystemInfo, GetCurrentProcess, OutputDebugStringW, IsDebuggerPresent, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, WideCharToMultiByte, GetCommandLineW, GetProcAddress, GetModuleHandleExW, SetThreadErrorMode, FlushProcessWriteBuffers, SetLastError, DebugBreak, WaitForSingleObject, GetNumaHighestNodeNumber, SetThreadAffinityMask, SetThreadIdealProcessorEx, GetThreadIdealProcessorEx, VirtualAllocExNuma, GetNumaProcessorNodeEx, VirtualUnlock, GetLargePageMinimum, IsProcessInJob, K32GetProcessMemoryInfo, GetLogicalProcessorInformation, GlobalMemoryStatusEx, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, WakeAllConditionVariable, SleepConditionVariableSRW, RtlVirtualUnwind, IsProcessorFeaturePresent, RtlUnwindEx, InitializeCriticalSectionAndSpinCount, TlsFree, RtlPcToFileHeader, TryAcquireSRWLockExclusive, GetExitCodeThread, GetStringTypeW, InitializeCriticalSectionEx, GetLastError, CreateFileMappingW
                                                                                                                                                                                                                                ADVAPI32.dllReportEventW, AdjustTokenPrivileges, RegGetValueW, SetKernelObjectSecurity, GetSidSubAuthorityCount, GetSidSubAuthority, GetTokenInformation, OpenProcessToken, DeregisterEventSource, RegisterEventSourceW, RegQueryValueExW, RegOpenKeyExW, RegCloseKey, EventRegister, SetThreadToken, RevertToSelf, OpenThreadToken, EventWriteTransfer, EventWrite, LookupPrivilegeValueW
                                                                                                                                                                                                                                ole32.dllCreateStreamOnHGlobal, CoRevokeInitializeSpy, CoGetClassObject, CoGetContextToken, CoGetObjectContext, CoUnmarshalInterface, CoMarshalInterface, CoGetMarshalSizeMax, CLSIDFromProgID, CoReleaseMarshalData, CoTaskMemFree, CoTaskMemAlloc, CoCreateGuid, CoInitializeEx, CoRegisterInitializeSpy, CoWaitForMultipleHandles, CoUninitialize, CoCreateFreeThreadedMarshaler
                                                                                                                                                                                                                                OLEAUT32.dllCreateErrorInfo, SysFreeString, GetErrorInfo, SetErrorInfo, SysStringLen, SysAllocString, SysAllocStringLen, SafeArrayGetDim, SafeArrayGetLBound, SafeArrayDestroy, QueryPathOfRegTypeLib, LoadTypeLibEx, SafeArrayGetVartype, VariantChangeType, VariantChangeTypeEx, VariantClear, VariantInit, VarCyFromDec, SafeArrayAllocDescriptorEx, GetRecordInfoFromTypeInfo, SafeArraySetRecordInfo, SafeArrayAllocData, SafeArrayGetElemsize, SysStringByteLen, SysAllocStringByteLen, SafeArrayCreateVector, SafeArrayPutElement, LoadRegTypeLib
                                                                                                                                                                                                                                USER32.dllLoadStringW, MessageBoxW
                                                                                                                                                                                                                                SHELL32.dllShellExecuteW
                                                                                                                                                                                                                                api-ms-win-crt-string-l1-1-0.dllstrncat_s, wcsncat_s, strcmp, wcsnlen, wcscat_s, towupper, iswascii, _strdup, strncpy, strnlen, wcstok_s, isdigit, isupper, isalpha, towlower, _wcsdup, iswspace, isspace, islower, strtok_s, _wcsnicmp, strcspn, __strncnt, strlen, wcscpy_s, toupper, wcsncpy_s, strcpy_s, strcat_s, strncpy_s, _strnicmp, tolower, wcsncmp, iswupper, strncmp, _stricmp, _wcsicmp
                                                                                                                                                                                                                                api-ms-win-crt-stdio-l1-1-0.dll__stdio_common_vsscanf, fflush, __acrt_iob_func, __stdio_common_vfprintf, __stdio_common_vswprintf, __stdio_common_vfwprintf, fputws, fputwc, _get_stream_buffer_pointers, _fseeki64, fread, fsetpos, ungetc, fgetpos, fgets, fgetc, fputc, _wfsopen, _wfopen, __p__commode, _set_fmode, __stdio_common_vsnprintf_s, setvbuf, _setmode, _dup, _fileno, ftell, fseek, fputs, __stdio_common_vsnwprintf_s, __stdio_common_vsprintf_s, fwrite, _flushall, fopen, fclose
                                                                                                                                                                                                                                api-ms-win-crt-runtime-l1-1-0.dll_crt_atexit, _cexit, _seh_filter_exe, _set_app_type, _register_onexit_function, _configure_wide_argv, _initialize_wide_environment, _get_initial_wide_environment, _initterm, _initterm_e, _exit, _invalid_parameter_noinfo_noreturn, __p___argc, __p___wargv, _c_exit, _register_thread_local_exe_atexit_callback, _initialize_onexit_table, _beginthreadex, terminate, _controlfp_s, _wcserror_s, _invalid_parameter_noinfo, _errno, exit, abort
                                                                                                                                                                                                                                api-ms-win-crt-convert-l1-1-0.dll_atoi64, _ltow_s, _wtoi, strtoul, _wcstoui64, atol, _itow_s, strtoull, wcstoul
                                                                                                                                                                                                                                api-ms-win-crt-heap-l1-1-0.dllfree, _set_new_mode, calloc, malloc, realloc
                                                                                                                                                                                                                                api-ms-win-crt-utility-l1-1-0.dllqsort
                                                                                                                                                                                                                                api-ms-win-crt-math-l1-1-0.dllasinhf, atanhf, cbrtf, acoshf, cosh, cbrt, coshf, exp, expf, acosh, atanh, floor, floorf, fma, fmaf, cosf, _fdopen, cos, ceilf, _copysignf, _isnanf, trunc, truncf, ilogb, ilogbf, tanhf, ceil, fmod, fmodf, atanf, frexp, atan2f, atan2, log, log10, log10f, atan, asinf, log2, log2f, logf, pow, powf, sin, sinf, asin, sinh, sinhf, sqrt, sqrtf, tan, tanf, tanh, acosf, _copysign, asinh, _isnan, _finite, modf, modff, acos, __setusermatherr
                                                                                                                                                                                                                                api-ms-win-crt-time-l1-1-0.dll_time64, _gmtime64_s, wcsftime
                                                                                                                                                                                                                                api-ms-win-crt-environment-l1-1-0.dllgetenv
                                                                                                                                                                                                                                api-ms-win-crt-locale-l1-1-0.dll_unlock_locales, setlocale, __pctype_func, ___lc_locale_name_func, _lock_locales, ___lc_codepage_func, ___mb_cur_max_func, _configthreadlocale, localeconv
                                                                                                                                                                                                                                api-ms-win-crt-filesystem-l1-1-0.dll_wrename, _unlock_file, _wremove, _lock_file

                                                                                                                                                                                                                                Exports

                                                                                                                                                                                                                                NameOrdinalAddress
                                                                                                                                                                                                                                CLRJitAttachState30x1407af270
                                                                                                                                                                                                                                DotNetRuntimeInfo40x14079c5d0
                                                                                                                                                                                                                                MetaDataGetDispenser50x140571160
                                                                                                                                                                                                                                g_CLREngineMetrics20x14079bdd8
                                                                                                                                                                                                                                g_dacTable60x140644600

                                                                                                                                                                                                                                Network Behavior

                                                                                                                                                                                                                                Suricata IDS Alerts

                                                                                                                                                                                                                                TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                                                2025-01-14T13:11:33.728813+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749746172.65.251.78443TCP
                                                                                                                                                                                                                                2025-01-14T13:12:21.245210+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.763794172.67.74.152443TCP
                                                                                                                                                                                                                                2025-01-14T13:12:21.863540+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.763795172.67.74.152443TCP
                                                                                                                                                                                                                                2025-01-14T13:12:22.407332+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.763796208.95.112.180TCP
                                                                                                                                                                                                                                2025-01-14T13:12:23.085677+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.763797172.67.74.152443TCP
                                                                                                                                                                                                                                2025-01-14T13:12:23.711503+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.763798172.67.74.152443TCP
                                                                                                                                                                                                                                2025-01-14T13:12:23.891623+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.763796208.95.112.180TCP

                                                                                                                                                                                                                                Network Port Distribution

                                                                                                                                                                                                                                TCP Packets

                                                                                                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                Jan 14, 2025 13:11:32.549963951 CET49746443192.168.2.7172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 13:11:32.549994946 CET44349746172.65.251.78192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:11:32.550329924 CET49746443192.168.2.7172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 13:11:32.592392921 CET49746443192.168.2.7172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 13:11:32.592408895 CET44349746172.65.251.78192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:11:33.145235062 CET44349746172.65.251.78192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:11:33.151336908 CET44349746172.65.251.78192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:11:33.151525021 CET49746443192.168.2.7172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 13:11:33.155345917 CET49746443192.168.2.7172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 13:11:33.414931059 CET49746443192.168.2.7172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 13:11:33.414953947 CET44349746172.65.251.78192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:11:33.415397882 CET44349746172.65.251.78192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:11:33.469609022 CET49746443192.168.2.7172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 13:11:33.612368107 CET49746443192.168.2.7172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 13:11:33.659343958 CET44349746172.65.251.78192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:11:33.728799105 CET44349746172.65.251.78192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:11:33.728857040 CET44349746172.65.251.78192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:11:33.728915930 CET44349746172.65.251.78192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:11:33.728969097 CET44349746172.65.251.78192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:11:33.728971958 CET49746443192.168.2.7172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 13:11:33.728996992 CET44349746172.65.251.78192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:11:33.729012966 CET49746443192.168.2.7172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 13:11:33.729265928 CET44349746172.65.251.78192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:11:33.729305983 CET44349746172.65.251.78192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:11:33.729305983 CET49746443192.168.2.7172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 13:11:33.729322910 CET44349746172.65.251.78192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:11:33.729360104 CET49746443192.168.2.7172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 13:11:33.729366064 CET44349746172.65.251.78192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:11:33.729955912 CET44349746172.65.251.78192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:11:33.730003119 CET49746443192.168.2.7172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 13:11:33.730007887 CET44349746172.65.251.78192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:11:33.733705044 CET44349746172.65.251.78192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:11:33.733745098 CET44349746172.65.251.78192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:11:33.733767033 CET49746443192.168.2.7172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 13:11:33.733776093 CET44349746172.65.251.78192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:11:33.733843088 CET49746443192.168.2.7172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 13:11:33.815700054 CET44349746172.65.251.78192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:11:33.815810919 CET44349746172.65.251.78192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:11:33.815895081 CET49746443192.168.2.7172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 13:11:33.818614006 CET49746443192.168.2.7172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 13:11:33.818633080 CET44349746172.65.251.78192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:11:52.701694965 CET6368053192.168.2.71.1.1.1
                                                                                                                                                                                                                                Jan 14, 2025 13:11:52.707953930 CET53636801.1.1.1192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:11:52.708213091 CET6368053192.168.2.71.1.1.1
                                                                                                                                                                                                                                Jan 14, 2025 13:11:52.710786104 CET6368053192.168.2.71.1.1.1
                                                                                                                                                                                                                                Jan 14, 2025 13:11:52.715655088 CET53636801.1.1.1192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:11:53.180414915 CET53636801.1.1.1192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:11:53.181154013 CET6368053192.168.2.71.1.1.1
                                                                                                                                                                                                                                Jan 14, 2025 13:11:53.186115026 CET53636801.1.1.1192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:11:53.186184883 CET6368053192.168.2.71.1.1.1
                                                                                                                                                                                                                                Jan 14, 2025 13:12:20.634469032 CET63794443192.168.2.7172.67.74.152
                                                                                                                                                                                                                                Jan 14, 2025 13:12:20.634515047 CET44363794172.67.74.152192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:20.634594917 CET63794443192.168.2.7172.67.74.152
                                                                                                                                                                                                                                Jan 14, 2025 13:12:20.635457993 CET63794443192.168.2.7172.67.74.152
                                                                                                                                                                                                                                Jan 14, 2025 13:12:20.635477066 CET44363794172.67.74.152192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:21.103176117 CET44363794172.67.74.152192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:21.103245020 CET63794443192.168.2.7172.67.74.152
                                                                                                                                                                                                                                Jan 14, 2025 13:12:21.105705976 CET63794443192.168.2.7172.67.74.152
                                                                                                                                                                                                                                Jan 14, 2025 13:12:21.105714083 CET44363794172.67.74.152192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:21.106014967 CET44363794172.67.74.152192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:21.114058018 CET63794443192.168.2.7172.67.74.152
                                                                                                                                                                                                                                Jan 14, 2025 13:12:21.155332088 CET44363794172.67.74.152192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:21.245187998 CET44363794172.67.74.152192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:21.245441914 CET44363794172.67.74.152192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:21.245548010 CET63794443192.168.2.7172.67.74.152
                                                                                                                                                                                                                                Jan 14, 2025 13:12:21.246015072 CET63794443192.168.2.7172.67.74.152
                                                                                                                                                                                                                                Jan 14, 2025 13:12:21.246032000 CET44363794172.67.74.152192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:21.247761965 CET63795443192.168.2.7172.67.74.152
                                                                                                                                                                                                                                Jan 14, 2025 13:12:21.247795105 CET44363795172.67.74.152192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:21.248274088 CET63795443192.168.2.7172.67.74.152
                                                                                                                                                                                                                                Jan 14, 2025 13:12:21.248560905 CET63795443192.168.2.7172.67.74.152
                                                                                                                                                                                                                                Jan 14, 2025 13:12:21.248574972 CET44363795172.67.74.152192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:21.704960108 CET44363795172.67.74.152192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:21.706136942 CET63795443192.168.2.7172.67.74.152
                                                                                                                                                                                                                                Jan 14, 2025 13:12:21.706168890 CET44363795172.67.74.152192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:21.706765890 CET63795443192.168.2.7172.67.74.152
                                                                                                                                                                                                                                Jan 14, 2025 13:12:21.706773043 CET44363795172.67.74.152192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:21.863657951 CET44363795172.67.74.152192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:21.863837957 CET44363795172.67.74.152192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:21.863903999 CET63795443192.168.2.7172.67.74.152
                                                                                                                                                                                                                                Jan 14, 2025 13:12:21.864336014 CET63795443192.168.2.7172.67.74.152
                                                                                                                                                                                                                                Jan 14, 2025 13:12:21.864353895 CET44363795172.67.74.152192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:21.878062010 CET6379680192.168.2.7208.95.112.1
                                                                                                                                                                                                                                Jan 14, 2025 13:12:21.883940935 CET8063796208.95.112.1192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:21.884015083 CET6379680192.168.2.7208.95.112.1
                                                                                                                                                                                                                                Jan 14, 2025 13:12:21.884351969 CET6379680192.168.2.7208.95.112.1
                                                                                                                                                                                                                                Jan 14, 2025 13:12:21.889086962 CET8063796208.95.112.1192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:22.367248058 CET8063796208.95.112.1192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:22.407331944 CET6379680192.168.2.7208.95.112.1
                                                                                                                                                                                                                                Jan 14, 2025 13:12:22.408024073 CET63797443192.168.2.7172.67.74.152
                                                                                                                                                                                                                                Jan 14, 2025 13:12:22.408073902 CET44363797172.67.74.152192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:22.408453941 CET63797443192.168.2.7172.67.74.152
                                                                                                                                                                                                                                Jan 14, 2025 13:12:22.408453941 CET63797443192.168.2.7172.67.74.152
                                                                                                                                                                                                                                Jan 14, 2025 13:12:22.408507109 CET44363797172.67.74.152192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:22.938260078 CET44363797172.67.74.152192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:22.939557076 CET63797443192.168.2.7172.67.74.152
                                                                                                                                                                                                                                Jan 14, 2025 13:12:22.939574003 CET44363797172.67.74.152192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:22.940223932 CET63797443192.168.2.7172.67.74.152
                                                                                                                                                                                                                                Jan 14, 2025 13:12:22.940248966 CET44363797172.67.74.152192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:23.085680962 CET44363797172.67.74.152192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:23.085752010 CET44363797172.67.74.152192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:23.086587906 CET63797443192.168.2.7172.67.74.152
                                                                                                                                                                                                                                Jan 14, 2025 13:12:23.086587906 CET63797443192.168.2.7172.67.74.152
                                                                                                                                                                                                                                Jan 14, 2025 13:12:23.087588072 CET63798443192.168.2.7172.67.74.152
                                                                                                                                                                                                                                Jan 14, 2025 13:12:23.087627888 CET44363798172.67.74.152192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:23.087856054 CET63798443192.168.2.7172.67.74.152
                                                                                                                                                                                                                                Jan 14, 2025 13:12:23.088015079 CET63798443192.168.2.7172.67.74.152
                                                                                                                                                                                                                                Jan 14, 2025 13:12:23.088028908 CET44363798172.67.74.152192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:23.391797066 CET63797443192.168.2.7172.67.74.152
                                                                                                                                                                                                                                Jan 14, 2025 13:12:23.391822100 CET44363797172.67.74.152192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:23.556229115 CET44363798172.67.74.152192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:23.558135986 CET63798443192.168.2.7172.67.74.152
                                                                                                                                                                                                                                Jan 14, 2025 13:12:23.558135986 CET63798443192.168.2.7172.67.74.152
                                                                                                                                                                                                                                Jan 14, 2025 13:12:23.558172941 CET44363798172.67.74.152192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:23.558183908 CET44363798172.67.74.152192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:23.711534977 CET44363798172.67.74.152192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:23.711592913 CET44363798172.67.74.152192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:23.713306904 CET63798443192.168.2.7172.67.74.152
                                                                                                                                                                                                                                Jan 14, 2025 13:12:23.713639021 CET63798443192.168.2.7172.67.74.152
                                                                                                                                                                                                                                Jan 14, 2025 13:12:23.713651896 CET44363798172.67.74.152192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:23.714354992 CET6379680192.168.2.7208.95.112.1
                                                                                                                                                                                                                                Jan 14, 2025 13:12:23.719228983 CET8063796208.95.112.1192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:23.851588964 CET8063796208.95.112.1192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:23.891623020 CET6379680192.168.2.7208.95.112.1
                                                                                                                                                                                                                                Jan 14, 2025 13:12:23.928656101 CET6379680192.168.2.7208.95.112.1

                                                                                                                                                                                                                                UDP Packets

                                                                                                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                Jan 14, 2025 13:11:32.514138937 CET6132153192.168.2.71.1.1.1
                                                                                                                                                                                                                                Jan 14, 2025 13:11:32.521338940 CET53613211.1.1.1192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:11:52.700923920 CET53626821.1.1.1192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:20.626857996 CET6024553192.168.2.71.1.1.1
                                                                                                                                                                                                                                Jan 14, 2025 13:12:20.633647919 CET53602451.1.1.1192.168.2.7
                                                                                                                                                                                                                                Jan 14, 2025 13:12:21.870378017 CET6029353192.168.2.71.1.1.1
                                                                                                                                                                                                                                Jan 14, 2025 13:12:21.876923084 CET53602931.1.1.1192.168.2.7

                                                                                                                                                                                                                                DNS Queries

                                                                                                                                                                                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                                Jan 14, 2025 13:11:32.514138937 CET192.168.2.71.1.1.10x340bStandard query (0)gitlab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                Jan 14, 2025 13:12:20.626857996 CET192.168.2.71.1.1.10x591fStandard query (0)api.ipify.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                Jan 14, 2025 13:12:21.870378017 CET192.168.2.71.1.1.10x74deStandard query (0)ip-api.comA (IP address)IN (0x0001)false

                                                                                                                                                                                                                                DNS Answers

                                                                                                                                                                                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                                Jan 14, 2025 13:11:32.521338940 CET1.1.1.1192.168.2.70x340bNo error (0)gitlab.com172.65.251.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                Jan 14, 2025 13:12:20.633647919 CET1.1.1.1192.168.2.70x591fNo error (0)api.ipify.org172.67.74.152A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                Jan 14, 2025 13:12:20.633647919 CET1.1.1.1192.168.2.70x591fNo error (0)api.ipify.org104.26.13.205A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                Jan 14, 2025 13:12:20.633647919 CET1.1.1.1192.168.2.70x591fNo error (0)api.ipify.org104.26.12.205A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                Jan 14, 2025 13:12:21.876923084 CET1.1.1.1192.168.2.70x74deNo error (0)ip-api.com208.95.112.1A (IP address)IN (0x0001)false

                                                                                                                                                                                                                                HTTP Request Dependency Graph

                                                                                                                                                                                                                                • gitlab.com
                                                                                                                                                                                                                                • api.ipify.org
                                                                                                                                                                                                                                • ip-api.com

                                                                                                                                                                                                                                HTTP Packets

                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                0192.168.2.763796208.95.112.1805788C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Jan 14, 2025 13:12:21.884351969 CET53OUTGET /json/8.46.123.189 HTTP/1.1
                                                                                                                                                                                                                                Host: ip-api.com
                                                                                                                                                                                                                                Jan 14, 2025 13:12:22.367248058 CET483INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 12:12:22 GMT
                                                                                                                                                                                                                                Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                                Content-Length: 306
                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                X-Ttl: 47
                                                                                                                                                                                                                                X-Rl: 42
                                                                                                                                                                                                                                Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 73 75 63 63 65 73 73 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 63 6f 75 6e 74 72 79 43 6f 64 65 22 3a 22 55 53 22 2c 22 72 65 67 69 6f 6e 22 3a 22 4e 59 22 2c 22 72 65 67 69 6f 6e 4e 61 6d 65 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 22 63 69 74 79 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 22 7a 69 70 22 3a 22 31 30 31 32 33 22 2c 22 6c 61 74 22 3a 34 30 2e 37 31 32 38 2c 22 6c 6f 6e 22 3a 2d 37 34 2e 30 30 36 2c 22 74 69 6d 65 7a 6f 6e 65 22 3a 22 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 22 2c 22 69 73 70 22 3a 22 4c 65 76 65 6c 20 33 22 2c 22 6f 72 67 22 3a 22 43 65 6e 74 75 72 79 4c 69 6e 6b 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 73 2c 20 4c 4c 43 22 2c 22 61 73 22 3a 22 41 53 33 33 35 36 20 4c 65 76 65 6c 20 33 20 50 61 72 65 6e 74 2c 20 4c 4c 43 22 2c 22 71 75 65 72 79 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 7d
                                                                                                                                                                                                                                Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"NY","regionName":"New York","city":"New York","zip":"10123","lat":40.7128,"lon":-74.006,"timezone":"America/New_York","isp":"Level 3","org":"CenturyLink Communications, LLC","as":"AS3356 Level 3 Parent, LLC","query":"8.46.123.189"}
                                                                                                                                                                                                                                Jan 14, 2025 13:12:23.714354992 CET53OUTGET /json/8.46.123.189 HTTP/1.1
                                                                                                                                                                                                                                Host: ip-api.com
                                                                                                                                                                                                                                Jan 14, 2025 13:12:23.851588964 CET483INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 12:12:23 GMT
                                                                                                                                                                                                                                Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                                Content-Length: 306
                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                X-Ttl: 46
                                                                                                                                                                                                                                X-Rl: 41
                                                                                                                                                                                                                                Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 73 75 63 63 65 73 73 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 63 6f 75 6e 74 72 79 43 6f 64 65 22 3a 22 55 53 22 2c 22 72 65 67 69 6f 6e 22 3a 22 4e 59 22 2c 22 72 65 67 69 6f 6e 4e 61 6d 65 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 22 63 69 74 79 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 22 7a 69 70 22 3a 22 31 30 31 32 33 22 2c 22 6c 61 74 22 3a 34 30 2e 37 31 32 38 2c 22 6c 6f 6e 22 3a 2d 37 34 2e 30 30 36 2c 22 74 69 6d 65 7a 6f 6e 65 22 3a 22 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 22 2c 22 69 73 70 22 3a 22 4c 65 76 65 6c 20 33 22 2c 22 6f 72 67 22 3a 22 43 65 6e 74 75 72 79 4c 69 6e 6b 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 73 2c 20 4c 4c 43 22 2c 22 61 73 22 3a 22 41 53 33 33 35 36 20 4c 65 76 65 6c 20 33 20 50 61 72 65 6e 74 2c 20 4c 4c 43 22 2c 22 71 75 65 72 79 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 7d
                                                                                                                                                                                                                                Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"NY","regionName":"New York","city":"New York","zip":"10123","lat":40.7128,"lon":-74.006,"timezone":"America/New_York","isp":"Level 3","org":"CenturyLink Communications, LLC","as":"AS3356 Level 3 Parent, LLC","query":"8.46.123.189"}


                                                                                                                                                                                                                                HTTPS Proxied Packets

                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                0192.168.2.749746172.65.251.784435788C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                2025-01-14 12:11:33 UTC107OUTGET /app8490744/updatesa/-/raw/main/Your_Benefits_and_Role.docx?inline=false HTTP/1.1
                                                                                                                                                                                                                                Host: gitlab.com
                                                                                                                                                                                                                                2025-01-14 12:11:33 UTC537INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 12:11:33 GMT
                                                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                                                Content-Length: 16036
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                CF-Ray: 901d877f6b22330c-EWR
                                                                                                                                                                                                                                CF-Cache-Status: HIT
                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                Age: 12
                                                                                                                                                                                                                                Cache-Control: max-age=60, public, must-revalidate, stale-while-revalidate=60, stale-if-error=300, s-maxage=60
                                                                                                                                                                                                                                Content-Disposition: attachment; filename="Your_Benefits_and_Role.docx"; filename*=UTF-8''Your_Benefits_and_Role.docx
                                                                                                                                                                                                                                ETag: "c9f854e67f415052529ad6dc8e14658c"
                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                2025-01-14 12:11:33 UTC2134INData Raw: 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 3a 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 72 65 63 61 70 74 63 68 61 2f 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 72 65 63 61 70 74 63 68 61 2e 6e 65 74 2f 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 74 61 67 6d 61 6e 61 67 65 72 2e 63 6f 6d 2f 6e 73 2e 68 74 6d 6c 20 68 74 74 70 73 3a 2f 2f 2a 2e 7a 75 6f 72 61 2e 63 6f 6d 2f 61 70 70 73 2f 50 75 62 6c 69 63 48 6f 73 74 65 64 50 61 67 65 4c 69 74 65 2e 64 6f 20 68 74 74 70 73 3a 2f 2f 67 69 74 6c 61 62 2e 63 6f 6d 2f 61 64 6d 69 6e 2f 20 68 74 74 70 73 3a 2f 2f 67 69 74 6c 61 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f
                                                                                                                                                                                                                                Data Ascii: content-security-policy: base-uri 'self'; child-src https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.googletagmanager.com/ns.html https://*.zuora.com/apps/PublicHostedPageLite.do https://gitlab.com/admin/ https://gitlab.com/assets/
                                                                                                                                                                                                                                2025-01-14 12:11:33 UTC498INData Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 34 3f 73 3d 36 6d 47 36 34 35 77 6e 61 4e 33 70 38 76 54 50 4c 34 31 77 78 67 6f 41 59 53 52 57 48 36 6d 58 45 37 79 4f 69 51 4d 7a 6c 35 6d 56 64 70 68 65 32 46 43 6a 5a 4b 62 4a 6c 39 6f 35 50 31 6d 73 58 78 77 57 59 6b 49 75 39 36 73 41 6e 4f 4a 6a 42 4b 46 46 67 37 43 38 49 66 46 25 32 46 57 72 46 36 48 4c 73 6b 52 34 49 39 73 41 62 41 30 31 65 75 66 56 68 72 54 63 47 46 25 32 42 32 51 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 7d 0d 0a 4e 45 4c 3a 20 7b 22
                                                                                                                                                                                                                                Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6mG645wnaN3p8vTPL41wxgoAYSRWH6mXE7yOiQMzl5mVdphe2FCjZKbJl9o5P1msXxwWYkIu96sAnOJjBKFFg7C8IfF%2FWrF6HLskR4I9sAbA01eufVhrTcGF%2B2Q%3D"}],"group":"cf-nel","max_age":604800}NEL: {"
                                                                                                                                                                                                                                2025-01-14 12:11:33 UTC938INData Raw: 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 32 91 6f 57 66 01 00 00 a5 05 00 00 13 00 08 02 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 04 02 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                Data Ascii: PK!2oWf[Content_Types].xml (
                                                                                                                                                                                                                                2025-01-14 12:11:33 UTC1369INData Raw: 00 21 00 1e 91 1a b7 ef 00 00 00 4e 02 00 00 0b 00 08 02 5f 72 65 6c 73 2f 2e 72 65 6c 73 20 a2 04 02 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                Data Ascii: !N_rels/.rels (
                                                                                                                                                                                                                                2025-01-14 12:11:33 UTC1369INData Raw: f8 d7 49 7b b7 75 af 8f 48 74 8e 90 55 1b e7 ae c3 28 be 6e 32 f7 31 cd c1 eb a6 e1 f0 dd 22 13 92 ce 12 98 11 98 1a 01 6b 21 7a 05 f0 7f 50 3a 3c e8 53 f6 a4 db 71 ad f1 24 2a 09 7a ad d6 2d f0 b4 99 88 56 78 cc a1 c3 19 e6 54 d2 77 a0 e6 6e 10 04 8e e1 fb 2d dd 0a 51 4e 61 ab 31 f0 8d 41 df 1f 41 eb 10 38 61 74 07 4d c6 c0 70 ad ae bd 69 9a ca 17 1a 7d 36 a7 65 a2 0e 7b a6 3b 4d 7a 16 53 89 07 59 1d 8a 3f e0 b6 25 85 b0 e2 38 ad 4e d5 e2 15 fb 6d 9d fa ee ce 76 f0 8b 53 d9 11 3b d3 a2 66 5e 51 8b 6c fe 90 c7 a1 ba 9d 8a 82 63 c4 19 62 ab aa fa 1a 3d f6 c8 07 a1 b6 0c 8b 9c 86 b0 b8 b9 64 05 93 4b d6 ba 25 df e5 a9 3e 5f 70 45 93 6f fd f0 db f7 c0 8e 98 02 15 27 ef 69 46 17 4c 92 ab 3b 96 0a c5 de 7c db 27 cf 64 7d 79 06 fd b9 63 b9 90 aa 20 4a 7c 27 0d
                                                                                                                                                                                                                                Data Ascii: I{uHtU(n21"k!zP:<Sq$*z-VxTwn-QNa1AA8atMpi}6e{;MzSY?%8NmvS;f^Qlcb=dK%>_pEo'iFL;|'d}yc J|'
                                                                                                                                                                                                                                2025-01-14 12:11:33 UTC1369INData Raw: a7 58 ea 18 cc 0f c8 85 fc 7b 01 06 b8 90 0c d3 43 b2 f9 5e 8c df d8 d2 b4 c4 ef 69 9a 61 b4 21 22 d4 85 ec 51 94 f2 8c 6b 16 a2 49 be 40 ae 5a 11 8d 39 67 49 d4 8c 5d f4 26 7e 7f 3c 38 7b 4c 3c 0b b4 23 85 94 1d 38 7f 97 ac 18 95 3a 9b 62 4f 39 93 58 e7 d2 38 6f 1c 62 bb 62 1a 56 7d 23 74 51 e8 dc 54 70 a5 48 58 13 38 5d 27 b0 ec f1 c4 7d 85 70 26 00 e4 1d cb 80 b6 b2 68 0a b8 8c 25 a3 0f 5a 32 44 9b 3d 50 f7 e9 1a a8 a5 2e 19 6d 1a 58 b6 e4 52 64 da fa 9b 60 da 75 2d db ea 99 17 5f 98 3d 49 45 7d c6 72 f2 90 89 c7 84 01 6f 41 05 ad 8b dc 3b b1 fa 4a d7 b5 ef 83 f7 f0 5f 55 ef 7e 5f d5 bb 03 c8 45 92 ad af 68 94 e2 9b fe c8 30 26 ee c5 e7 69 27 a1 79 0f 81 56 7f 82 ae ea 4c 80 54 f1 00 f1 b8 a2 39 c8 13 69 b5 31 19 93 f9 94 3e 00 e5 a1 8a 5e 47 12 ab 2d
                                                                                                                                                                                                                                Data Ascii: X{C^ia!"QkI@Z9gI]&~<8{L<#8:bO9X8obbV}#tQTpHX8]'}p&h%Z2D=P.mXRd`u-_=IE}roA;J_U~_Eh0&i'yVLT9i1>^G-
                                                                                                                                                                                                                                2025-01-14 12:11:33 UTC1369INData Raw: 34 2a 9c 02 1c f5 5c 7d 16 b3 de ec 75 89 2e 6c 7c 21 38 5b 73 10 cb 98 10 14 66 f1 02 70 94 bf 66 36 c7 f0 1c 93 a1 b1 86 0a 59 aa 09 c7 d9 9a 83 78 8a 09 f1 85 e5 fb 9f 93 9c 98 27 10 7e f5 db f2 1f 00 00 00 ff ff 03 00 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 b6 f4 67 98 d2 06 00 00 c9 20 00 00 15 00 00 00 77 6f 72 64 2f 74 68 65 6d 65 2f 74 68 65 6d 65 31 2e 78 6d 6c ec 59 4b 8b 1b 47 10 be 07 f2 1f 86 b9 cb 7a cd e8 61 ac 35 d2 48 f2 6b d7 36 de b5 83 8f bd 52 6b a6 ad 9e 69 d1 dd da b5 30 86 60 9f 72 09 04 9c 90 43 0c b9 e5 10 42 0c 31 c4 e4 92 1f 63 b0 49 9c 1f 91 ea 1e 49 33 2d f5 c4 8f 5d 83 09 bb 82 55 3f be aa fe ba aa ba ba 34 73 e1 e2 fd 98 3a 47 98 0b c2 92 8e 5b 3d 57 71 1d 9c 8c d8 98 24 61 c7 bd 7d 30 2c b5 5c 47 48 94 8c 11 65 09 ee b8
                                                                                                                                                                                                                                Data Ascii: 4*\}u.l|!8[sfpf6Yx'~PK!g word/theme/theme1.xmlYKGza5Hk6Rki0`rCB1cII3-]U?4s:G[=Wq$a}0,\GHe
                                                                                                                                                                                                                                2025-01-14 12:11:33 UTC1369INData Raw: 52 46 10 6e 10 d2 63 e5 a7 54 7e e5 dd 53 f7 74 91 31 cd 6d d7 2c db 6b 2b ae a7 e3 69 83 44 2e dc 4c 12 b9 30 8c e0 f2 d8 1c 3e 65 5f b7 33 97 1a f4 94 29 b6 69 34 5b 1f c3 d7 2a 89 6c e4 06 9a 98 3d e7 18 ce 5c dd 07 35 23 34 eb b8 13 f8 c9 04 cd 78 06 fa 84 ca 54 88 86 49 c7 1d c9 a5 a1 3f 24 b3 cc b8 90 7d 24 a2 14 a6 a7 d2 fd c7 44 62 ee 50 12 43 ac e7 dd 40 93 8c 5b b5 d6 54 7b fc 44 c9 b5 2b 9f 9e e5 f4 57 de c9 78 32 c1 23 59 30 92 75 61 2e 55 62 9d 3d 21 58 75 d8 1c 48 ef 47 e3 63 e7 90 ce f9 2d 04 86 f2 9b 55 65 c0 31 11 72 6d cd 31 e1 b9 e0 ce ac b8 91 ae 96 47 d1 78 df 92 1d 51 44 67 11 5a de 28 f9 64 9e c2 75 7b 4d 27 b7 0f cd 74 73 57 66 7f b9 99 c3 50 39 e9 c4 b7 ee db 85 d4 44 2e 69 16 5c 20 ea d6 b4 e7 8f 8f 77 c9 e7 58 65 79 df 60 95 a6
                                                                                                                                                                                                                                Data Ascii: RFncT~St1m,k+iD.L0>e_3)i4[*l=\5#4xTI?$}$DbPC@[T{D+Wx2#Y0ua.Ub=!XuHGc-Ue1rm1GxQDgZ(du{M'tsWfP9D.i\ wXey`
                                                                                                                                                                                                                                2025-01-14 12:11:33 UTC1369INData Raw: e6 a9 4b cf 2e d5 70 f8 f6 d2 df a3 ae 15 62 de ff b2 6a 8b 8c ca 95 29 10 bc 44 55 d5 d4 59 b6 09 26 1e 25 9b 52 07 a6 34 34 bc 15 f0 0d 68 5f b2 4d d8 62 a1 c5 c2 06 b3 2f 28 37 3b 03 ed 76 d1 c9 42 27 3b d2 8b 9c 2c ea 64 b1 93 c5 9d 2c 71 b2 a4 93 0d 9d 6c 68 64 25 74 16 49 09 7f 84 92 77 4b 23 5f 0b 4a c5 0e 17 b7 1d fe 42 d4 24 41 95 a8 c2 f3 66 1a 41 79 89 46 d0 8e 27 d5 db a6 f8 09 e6 16 2e 88 86 4f eb 8a 14 0c 3d 99 31 16 0e 8d 79 ab 0d 13 45 d4 fa 44 d7 60 46 b9 3a 65 30 83 be bd e4 fe 89 b1 2d f1 6f 62 31 53 32 27 50 8e ab 3d cb ba a1 f3 47 13 38 25 0a 1a 44 05 f3 49 0b 79 8a 05 71 5a 88 fc ce 0c e7 b8 91 27 71 18 5f 8f c6 b3 06 4e ec 5c d3 b6 87 c0 b9 7f c6 eb 29 52 b8 68 31 67 9a 34 a6 5f e3 69 12 8d 82 70 d4 bf 09 a2 69 3f 8e e2 b0 7f 39 1b
                                                                                                                                                                                                                                Data Ascii: K.pbj)DUY&%R44h_Mb/(7;vB';,d,qlhd%tIwK#_JB$AfAyF'.O=1yED`F:e0-ob1S2'P=G8%DIyqZ'q_N\)Rh1g4_ipi?9
                                                                                                                                                                                                                                2025-01-14 12:11:33 UTC1369INData Raw: 44 03 3e f9 70 1f 66 b6 b1 5c 8a ae 11 43 00 20 04 20 04 20 a4 83 ad 00 21 00 21 c2 52 80 10 80 10 80 10 80 10 80 10 80 90 cf 08 21 ec 48 d0 1b 42 0c cb 71 91 b1 78 a8 22 ea 0f 21 96 63 ce cc 07 04 10 02 10 02 10 32 cc 56 80 10 80 10 61 29 40 08 40 08 40 08 40 08 40 08 40 c8 67 84 10 b6 7f f5 86 10 53 5f d8 aa 3b 9f 57 11 f5 87 90 e5 72 a1 2c dd b9 2e ba 46 0c 01 80 10 80 10 80 90 0e b6 02 84 00 84 08 4b 01 42 00 42 00 42 00 42 00 42 00 42 3e 23 84 b0 c5 b6 3f 84 58 1a 52 94 85 53 45 d4 1f 42 e6 68 b1 b4 10 32 45 d7 88 21 00 10 02 10 02 10 d2 c1 56 80 10 80 10 61 29 40 08 40 08 40 08 40 08 40 08 40 c8 67 84 10 b6 32 f4 87 10 db b4 35 07 59 55 44 fd 21 64 36 77 6d 57 59 ea a2 6b c4 10 00 08 01 08 01 08 e9 60 2b 40 08 40 88 b0 14 20 04 20 04 20 04 20 04 20
                                                                                                                                                                                                                                Data Ascii: D>pf\C !!R!HBqx"!c2Va)@@@@@@gS_;Wr,.FKBBBBBB>#?XRSEBh2E!Va)@@@@@@g25YUD!d6wmWYk`+@@


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                1192.168.2.763794172.67.74.1524435788C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                2025-01-14 12:12:21 UTC39OUTGET / HTTP/1.1
                                                                                                                                                                                                                                Host: api.ipify.org
                                                                                                                                                                                                                                2025-01-14 12:12:21 UTC424INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 12:12:21 GMT
                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                Content-Length: 12
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Vary: Origin
                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                CF-RAY: 901d88a86e0d8cc5-EWR
                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1923&min_rtt=1911&rtt_var=742&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2818&recv_bytes=677&delivery_rate=1451292&cwnd=228&unsent_bytes=0&cid=9436deb2ce8a5385&ts=159&x=0"
                                                                                                                                                                                                                                2025-01-14 12:12:21 UTC12INData Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                                                                                                                                                                                                                Data Ascii: 8.46.123.189


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                2192.168.2.763795172.67.74.1524435788C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                2025-01-14 12:12:21 UTC39OUTGET / HTTP/1.1
                                                                                                                                                                                                                                Host: api.ipify.org
                                                                                                                                                                                                                                2025-01-14 12:12:21 UTC424INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 12:12:21 GMT
                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                Content-Length: 12
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Vary: Origin
                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                CF-RAY: 901d88ac48fd43d5-EWR
                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2119&min_rtt=2118&rtt_var=797&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2820&recv_bytes=677&delivery_rate=1370892&cwnd=241&unsent_bytes=0&cid=1ccf7ecb50c3fb06&ts=160&x=0"
                                                                                                                                                                                                                                2025-01-14 12:12:21 UTC12INData Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                                                                                                                                                                                                                Data Ascii: 8.46.123.189


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                3192.168.2.763797172.67.74.1524435788C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                2025-01-14 12:12:22 UTC39OUTGET / HTTP/1.1
                                                                                                                                                                                                                                Host: api.ipify.org
                                                                                                                                                                                                                                2025-01-14 12:12:23 UTC424INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 12:12:23 GMT
                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                Content-Length: 12
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Vary: Origin
                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                CF-RAY: 901d88b3eb9c4411-EWR
                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1739&min_rtt=1731&rtt_var=665&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2819&recv_bytes=677&delivery_rate=1624930&cwnd=235&unsent_bytes=0&cid=f23ae146b7915e28&ts=224&x=0"
                                                                                                                                                                                                                                2025-01-14 12:12:23 UTC12INData Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                                                                                                                                                                                                                Data Ascii: 8.46.123.189


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                4192.168.2.763798172.67.74.1524435788C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                2025-01-14 12:12:23 UTC39OUTGET / HTTP/1.1
                                                                                                                                                                                                                                Host: api.ipify.org
                                                                                                                                                                                                                                2025-01-14 12:12:23 UTC424INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 12:12:23 GMT
                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                Content-Length: 12
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Vary: Origin
                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                CF-RAY: 901d88b7ce685e62-EWR
                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2410&min_rtt=2405&rtt_var=913&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2819&recv_bytes=677&delivery_rate=1191350&cwnd=139&unsent_bytes=0&cid=1ed8a65c5958788d&ts=163&x=0"
                                                                                                                                                                                                                                2025-01-14 12:12:23 UTC12INData Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                                                                                                                                                                                                                Data Ascii: 8.46.123.189


                                                                                                                                                                                                                                Statistics

                                                                                                                                                                                                                                CPU Usage

                                                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                                                Memory Usage

                                                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                                                High Level Behavior Distribution

                                                                                                                                                                                                                                Click to dive into process behavior distribution

                                                                                                                                                                                                                                Behavior

                                                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                                                System Behavior

                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                                                Start time:07:11:13
                                                                                                                                                                                                                                Start date:14/01/2025
                                                                                                                                                                                                                                Path:C:\Users\user\Desktop\iTVsz8WAu4.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\iTVsz8WAu4.exe"
                                                                                                                                                                                                                                Imagebase:0x7ff6e2a40000
                                                                                                                                                                                                                                File size:43'526'138 bytes
                                                                                                                                                                                                                                MD5 hash:D6B0F6B6E4687D0D33F9C4523219A1A9
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                Target ID:9
                                                                                                                                                                                                                                Start time:07:11:31
                                                                                                                                                                                                                                Start date:14/01/2025
                                                                                                                                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9447 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000
                                                                                                                                                                                                                                Imagebase:0x7ff6c4390000
                                                                                                                                                                                                                                File size:3'242'272 bytes
                                                                                                                                                                                                                                MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                Target ID:11
                                                                                                                                                                                                                                Start time:07:11:32
                                                                                                                                                                                                                                Start date:14/01/2025
                                                                                                                                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1580 --field-trial-handle=1440,i,10015738160290099957,7113324669390764060,262144 --disable-features=PaintHolding /prefetch:8
                                                                                                                                                                                                                                Imagebase:0x7ff6c4390000
                                                                                                                                                                                                                                File size:3'242'272 bytes
                                                                                                                                                                                                                                MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                Target ID:12
                                                                                                                                                                                                                                Start time:07:11:32
                                                                                                                                                                                                                                Start date:14/01/2025
                                                                                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\Documents\Your_Benefits_and_Role.docx" /o ""
                                                                                                                                                                                                                                Imagebase:0xa20000
                                                                                                                                                                                                                                File size:1'620'872 bytes
                                                                                                                                                                                                                                MD5 hash:1A0C2C2E7D9C4BC18E91604E9B0C7678
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                Target ID:20
                                                                                                                                                                                                                                Start time:09:03:56
                                                                                                                                                                                                                                Start date:14/01/2025
                                                                                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9351 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000
                                                                                                                                                                                                                                Imagebase:0x7ff7fb980000
                                                                                                                                                                                                                                File size:4'210'216 bytes
                                                                                                                                                                                                                                MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                Target ID:21
                                                                                                                                                                                                                                Start time:09:03:56
                                                                                                                                                                                                                                Start date:14/01/2025
                                                                                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1616 --field-trial-handle=1388,i,4130655194958272228,13477878399729712916,262144 --disable-features=PaintHolding /prefetch:3
                                                                                                                                                                                                                                Imagebase:0x7ff7fb980000
                                                                                                                                                                                                                                File size:4'210'216 bytes
                                                                                                                                                                                                                                MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Disassembly

                                                                                                                                                                                                                                No disassembly