Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
NetSpot.exe

Overview

General Information

Sample name:NetSpot.exe
Analysis ID:1522643
MD5:8ce5f5b39cd7ab4a9b227068d3f3b12a
SHA1:7559b2c5c2d1bfad6b22107caed801e456a152b4
SHA256:758c7a88d4c1b5332ad90ad057858bf67d9846400913c1c1a2bd52f187482e28
Infos:

Detection

Score:4
Range:0 - 100
Whitelisted:false
Confidence:0%

Signatures

Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains long sleeps (>= 3 min)
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses 32bit PE files

Classification

Process Tree

  • System is w10x64
  • NetSpot.exe (PID: 7116 cmdline: "C:\Users\user\Desktop\NetSpot.exe" MD5: 8CE5F5B39CD7AB4A9B227068D3F3B12A)
    • NetSpot.tmp (PID: 7104 cmdline: "C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp" /SL5="$1042E,82973157,925184,C:\Users\user\Desktop\NetSpot.exe" MD5: 2498951C33DB1793078FDA96E0A95FEB)
      • NetSpot.exe (PID: 928 cmdline: "C:\Program Files\NetSpot\NetSpot.exe" -firstrun MD5: 5D11AE8FEF71CFFF200D1A28CAAB6BFC)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: NetSpot.exe, 00000004.00000002.4434209002.00007FFDF00AC000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_079fa015-f
Source: NetSpot.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpotJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\unins000.datJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-M74L2.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-OQL12.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-V7Q4A.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-CIROQ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-24KKF.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-5VC90.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-R0J2V.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-5BG51.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-U2GGI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-N15GE.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-42MF6.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-HQR54.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-5AA03.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-8UH95.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-9GF1O.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-CTAKS.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-3TUDR.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-C3Q8S.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-PLA7C.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-4GPK1.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-MACOH.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-O8J9C.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-JOU0Q.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-NKE6A.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-T7BIU.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-6E58C.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-NNF2R.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-B1NJF.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-3JV3P.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-4ET7L.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-LEMM7.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-SEC79.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-S0F5R.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-TEQCU.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-5G8NL.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-377HG.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\x64Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\x64\is-2KT7S.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\x64\is-QSS20.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\x64\is-S8PNU.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\x64\is-MK85Q.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\x64\is-Q4QCI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\x64\is-9LFKI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\x86Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\x86\is-HC4RP.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\x86\is-OLDS2.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\x86\is-VVTAO.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\x86\is-MLUMD.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\x86\is-SMHRU.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\x86\is-D8NFU.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\x86\is-UFOD4.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\runtimesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\runtimes\win-arm64Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\runtimes\win-arm64\nativeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\runtimes\win-arm64\native\is-UGST8.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\runtimes\win-x64Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\runtimes\win-x64\nativeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\runtimes\win-x64\native\is-IIR56.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\runtimes\win-x86Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\runtimes\win-x86\nativeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\runtimes\win-x86\native\is-D9116.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\deJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\de\is-9IFIE.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\enJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\en\is-JJM2S.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\esJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\es\is-GLJO9.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\frJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\fr\is-CM1JJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\itJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\it\is-S2EDF.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\jaJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\ja\is-6CS50.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\ptJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\pt\is-KTD9U.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\ruJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\ru\is-JL9ET.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-IQU4U.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-33L5D.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-07U2U.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-HRVUR.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-B9RJK.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\ResourcesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\Resources\SoundsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\Resources\Sounds\is-0G99Q.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\Resources\Sounds\is-EC700.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\unins000.msgJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetSpot_is1Jump to behavior
Source: NetSpot.exeStatic PE information: certificate valid
Source: unknownHTTPS traffic detected: 66.135.20.63:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknownHTTPS traffic detected: 66.135.20.63:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknownHTTPS traffic detected: 66.135.20.63:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknownHTTPS traffic detected: 66.135.20.63:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknownHTTPS traffic detected: 66.135.20.63:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknownHTTPS traffic detected: 66.135.20.63:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknownHTTPS traffic detected: 66.135.20.63:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknownHTTPS traffic detected: 66.135.20.63:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknownHTTPS traffic detected: 66.135.20.63:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknownHTTPS traffic detected: 66.135.20.63:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknownHTTPS traffic detected: 66.135.20.63:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknownHTTPS traffic detected: 66.135.20.63:443 -> 192.168.2.4:49759 version: TLS 1.2
Source: unknownHTTPS traffic detected: 66.135.20.63:443 -> 192.168.2.4:49760 version: TLS 1.2
Source: unknownHTTPS traffic detected: 66.135.20.63:443 -> 192.168.2.4:49761 version: TLS 1.2
Source: unknownHTTPS traffic detected: 66.135.20.63:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: NetSpot.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: \NetSpot 3 (github)\NetSpotPredictivePart\NetSpot.Infrastructure.PredictiveProjectFormat\obj\Release\NetSpot.Infrastructure.PredictiveProjectFormat.pdb source: NetSpot.exe, 00000004.00000002.4214752799.00000257DC902000.00000002.00000001.01000000.0000001F.sdmp
Source: Binary string: \NetSpot 3 (github)\NetSpotCommon\NetSpot.Base\obj\Release\NetSpot.Base.pdb1[ source: NetSpot.exe, 00000004.00000002.4256324129.00000257E15AE000.00000002.00000001.01000000.00000025.sdmp
Source: Binary string: \NetSpot 3 (github)\NetSpotCommon\NetSpot.Infrastructure.WiFi\obj\Release\NetSpot.Infrastructure.WiFi.pdb source: NetSpot.exe, 00000004.00000002.4172935845.00000257C4092000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: D:\a\_work\e\src\out\Release_x64\WebView2Loader.dll.pdb source: is-IIR56.tmp.1.dr
Source: Binary string: \NetSpot 3 (github)\NetSpot\NetSpot.Core.Discover\obj\Release\NetSpot.Core.Discover.pdb source: NetSpot.exe, 00000004.00000002.4172785960.00000257C28D2000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: NetSpot.exe, 00000004.00000002.4253313240.00000257DE4E2000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: \NetSpot 3 (github)\NetSpot\NetSpot.Discover\obj\Release\NetSpot.Discover.pdb source: NetSpot.exe, 00000004.00000002.4173803791.00000257C4182000.00000002.00000001.01000000.0000001C.sdmp
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: NetSpot.exe, 00000004.00000002.4253313240.00000257DE4E2000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: \NetSpot 3 (github)\NetSpotPredictivePart\NetSpot.Infrastructure.Engine\obj\Release\NetSpot.Infrastructure.Engine.pdb source: NetSpot.exe, 00000004.00000002.4173626112.00000257C4142000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: \NetSpot 3 (github)\NetSpot\NetSpot.Core.Survey\obj\Release\NetSpot.Core.Survey.pdb source: NetSpot.exe, 00000004.00000002.4173177175.00000257C40D2000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: \NetSpotActivator (github)\ActivatorProject\bin\x64\Release\Act.pdb source: NetSpot.exe, 00000004.00000002.4434209002.00007FFDF00AC000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: \NetSpot 3 (github)\NetSpot\NetSpot\obj\Release\NetSpot.pdb source: NetSpot.exe, 00000004.00000000.1892323190.00000257C2372000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: symbols\dll\WindowsBase.pdbJsonS` source: NetSpot.exe, 00000004.00000002.4170709898.0000008B32039000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: \NetSpot 3 (github)\NetSpot\NetSpot.Infrastructure.SurveyLegacyProjectFormat\obj\Release\NetSpot.Infrastructure.SurveyLegacyProjectFormat.pdb source: NetSpot.exe, 00000004.00000002.4173067023.00000257C40C2000.00000002.00000001.01000000.00000018.sdmp, is-42MF6.tmp.1.dr
Source: Binary string: C:\Windows\Microsoft.Net\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.pdb source: NetSpot.exe, 00000004.00000002.4170709898.0000008B32039000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: \NetSpot 3 (github)\NetSpotCommon\NetSpot.Core.Base\obj\Release\NetSpot.Core.Base.pdb source: NetSpot.exe, 00000004.00000002.4173391825.00000257C4102000.00000002.00000001.01000000.0000001A.sdmp
Source: Binary string: \NetSpot 3 (github)\NetSpotCommon\NetSpot.Base\obj\Release\NetSpot.Base.pdb source: NetSpot.exe, 00000004.00000002.4256324129.00000257E15AE000.00000002.00000001.01000000.00000025.sdmp
Source: Binary string: tive.pdb source: NetSpot.exe, 00000004.00000002.4170709898.0000008B32039000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: indoC:\Windows\WindowsBase.pdb source: NetSpot.exe, 00000004.00000002.4170709898.0000008B32039000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: WindowsBase.pdb02pot 3 (gitk source: NetSpot.exe, 00000004.00000002.4170709898.0000008B32039000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: \NetSpotPredictive (github)\predictive\x64\Release\Predictive.Interop.pdb source: NetSpot.exe, 00000004.00000002.4440309517.00007FFE1024F000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: \NetSpot 3 (github)\NetSpot\NetSpot.Survey\obj\Release\NetSpot.Survey.pdb source: NetSpot.exe, 00000004.00000002.4217689065.00000257DCCB2000.00000002.00000001.01000000.00000021.sdmp
Source: Binary string: \NetSpot 3 (github)\NetSpotPredictivePart\NetSpot.Core.Predictive\obj\Release\NetSpot.Core.Predictive.pdb source: NetSpot.exe, 00000004.00000002.4214523327.00000257DC8D2000.00000002.00000001.01000000.0000001E.sdmp
Source: Binary string: WindowsBase.pdb source: NetSpot.exe, 00000004.00000002.4170709898.0000008B32039000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\e\src\out\Release_x64\WebView2Loader.dll.pdbOGP source: is-IIR56.tmp.1.dr
Source: Binary string: \NetSpot 3 (github)\NetSpotPredictivePart\NetSpot.Predictive\obj\Release\NetSpot.Predictive.pdb source: NetSpot.exe, 00000004.00000002.4218797950.00000257DCD52000.00000002.00000001.01000000.00000022.sdmp
Source: Binary string: \NetSpot 3 (github)\NetSpotCommon\NetSpot.Infrastructure.Polices\obj\Release\NetSpot.Infrastructure.Polices.pdb source: NetSpot.exe, 00000004.00000002.4172742636.00000257C28C2000.00000002.00000001.01000000.00000014.sdmp, is-U2GGI.tmp.1.dr
Source: Binary string: \NetSpot 3 (github)\NetSpotCommon\NetSpot.Infrastructure.Polices\obj\Release\NetSpot.Infrastructure.Polices.pdbu3 source: NetSpot.exe, 00000004.00000002.4172742636.00000257C28C2000.00000002.00000001.01000000.00000014.sdmp, is-U2GGI.tmp.1.dr
Source: Binary string: .pdbW source: NetSpot.exe, 00000004.00000002.4170709898.0000008B32039000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: 8C:\Windows\WindowsBase.pdb source: NetSpot.exe, 00000004.00000002.4170709898.0000008B32039000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: C:\dev\sqlite\dotnet-private\bin\2015\x64\ReleaseNativeOnlyStatic\SQLite.Interop.pdb source: is-9LFKI.tmp.1.dr
Source: Binary string: WindowsBase.pdbwsBase.pdbpdbase.pdbSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.pdb source: NetSpot.exe, 00000004.00000002.4170709898.0000008B32039000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: \NetSpot 3 (github)\NetSpotPredictivePart\NetSpot.Infrastructure.JsonServices\obj\Release\NetSpot.Infrastructure.JsonServices.pdb source: NetSpot.exe, 00000004.00000002.4220089186.00000257DCE22000.00000002.00000001.01000000.00000023.sdmp
Source: Binary string: E:\A\_work\39\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Numerics.Vectors/net46\System.Numerics.Vectors.pdb source: is-5G8NL.tmp.1.dr
Source: Binary string: \NetSpot 3 (github)\NetSpot\NetSpot.Survey\obj\Release\NetSpot.Survey.pdbG source: NetSpot.exe, 00000004.00000002.4217689065.00000257DCCB2000.00000002.00000001.01000000.00000021.sdmp
Source: Binary string: \NetSpot 3 (github)\NetSpot\NetSpot.Infrastructure.SurveyLegacyProjectFormat\obj\Release\NetSpot.Infrastructure.SurveyLegacyProjectFormat.pdb{ source: NetSpot.exe, 00000004.00000002.4173067023.00000257C40C2000.00000002.00000001.01000000.00000018.sdmp, is-42MF6.tmp.1.dr
Source: Binary string: \NetSpot 3 (github)\NetSpot\NetSpot.Infrastructure.SurveyProjectFormat\obj\Release\NetSpot.Infrastructure.SurveyProjectFormat.pdb source: NetSpot.exe, 00000004.00000002.4214295776.00000257DC8BB000.00000002.00000001.01000000.0000001D.sdmp
Source: Binary string: C:\dev\sqlite\dotnet-private\bin\2015\Win32\ReleaseNativeOnlyStatic\SQLite.Interop.pdb source: NetSpot.tmp, 00000001.00000003.1893665830.00000000051E0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: \NetSpot 3 (github)\NetSpot\NetSpot.Infrastructure.IperfServices\obj\Release\NetSpot.Infrastructure.IperfServices.pdb source: NetSpot.exe, 00000004.00000002.4173020119.00000257C40B2000.00000002.00000001.01000000.00000017.sdmp
Source: global trafficHTTP traffic detected: GET /pjf/JsonVersions.json HTTP/1.1Host: www.netspotapp.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /pjf/RouterModels.json HTTP/1.1Host: www.netspotapp.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /pjf/WallMaterials.json HTTP/1.1Host: www.netspotapp.comConnection: Keep-Alive
Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /pjf/JsonVersions.json HTTP/1.1Host: www.netspotapp.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /pjf/RouterModels.json HTTP/1.1Host: www.netspotapp.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /pjf/WallMaterials.json HTTP/1.1Host: www.netspotapp.comConnection: Keep-Alive
Source: global trafficDNS traffic detected: DNS query: www.netspotapp.com
Source: global trafficDNS traffic detected: DNS query: updates.netspotapp.com
Source: unknownHTTP traffic detected: POST /activator/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: activatorContent-Length: 128Host: updates.netspotapp.com
Source: NetSpot.exe, 00000000.00000003.1721639152.000000000288D000.00000004.00001000.00020000.00000000.sdmp, NetSpot.exe, 00000000.00000003.1722004161.000000007FE39000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1893665830.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, is-IIR56.tmp.1.dr, is-U2GGI.tmp.1.dr, is-S8PNU.tmp.1.dr, is-9LFKI.tmp.1.dr, is-42MF6.tmp.1.dr, is-5G8NL.tmp.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: NetSpot.exe, 00000000.00000003.1721639152.000000000288D000.00000004.00001000.00020000.00000000.sdmp, NetSpot.exe, 00000000.00000003.1722004161.000000007FE39000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1893665830.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, is-IIR56.tmp.1.dr, is-U2GGI.tmp.1.dr, is-S8PNU.tmp.1.dr, is-9LFKI.tmp.1.dr, is-42MF6.tmp.1.dr, is-5G8NL.tmp.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: NetSpot.exe, 00000000.00000003.1721639152.000000000288D000.00000004.00001000.00020000.00000000.sdmp, NetSpot.exe, 00000000.00000003.1722004161.000000007FE39000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1893665830.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, is-IIR56.tmp.1.dr, is-U2GGI.tmp.1.dr, is-S8PNU.tmp.1.dr, is-9LFKI.tmp.1.dr, is-42MF6.tmp.1.dr, is-5G8NL.tmp.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: NetSpot.exe, 00000000.00000003.1721639152.000000000288D000.00000004.00001000.00020000.00000000.sdmp, NetSpot.exe, 00000000.00000003.1722004161.000000007FE39000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1893665830.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, is-IIR56.tmp.1.dr, is-U2GGI.tmp.1.dr, is-S8PNU.tmp.1.dr, is-9LFKI.tmp.1.dr, is-42MF6.tmp.1.dr, is-5G8NL.tmp.1.drString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: NetSpot.exe, 00000004.00000002.4215739116.00000257DCADA000.00000004.00000020.00020000.00000000.sdmp, NetSpot.exe, 00000004.00000002.4386028136.00000257E59D0000.00000004.00000020.00020000.00000000.sdmp, NetSpot.exe, 00000004.00000002.4230479179.00000257DDB2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: NetSpot.exe, 00000000.00000003.1721639152.000000000288D000.00000004.00001000.00020000.00000000.sdmp, NetSpot.exe, 00000000.00000003.1722004161.000000007FE39000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1893665830.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, is-IIR56.tmp.1.dr, is-U2GGI.tmp.1.dr, is-S8PNU.tmp.1.dr, is-9LFKI.tmp.1.dr, is-42MF6.tmp.1.dr, is-5G8NL.tmp.1.drString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: NetSpot.exe, 00000000.00000003.1721639152.000000000288D000.00000004.00001000.00020000.00000000.sdmp, NetSpot.exe, 00000000.00000003.1722004161.000000007FE39000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1893665830.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, is-IIR56.tmp.1.dr, is-U2GGI.tmp.1.dr, is-S8PNU.tmp.1.dr, is-9LFKI.tmp.1.dr, is-42MF6.tmp.1.dr, is-5G8NL.tmp.1.drString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: NetSpot.exe, 00000000.00000003.1721639152.000000000288D000.00000004.00001000.00020000.00000000.sdmp, NetSpot.exe, 00000000.00000003.1722004161.000000007FE39000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1893665830.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, is-IIR56.tmp.1.dr, is-U2GGI.tmp.1.dr, is-S8PNU.tmp.1.dr, is-9LFKI.tmp.1.dr, is-42MF6.tmp.1.dr, is-5G8NL.tmp.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: NetSpot.exe, 00000000.00000003.1721639152.000000000288D000.00000004.00001000.00020000.00000000.sdmp, NetSpot.exe, 00000000.00000003.1722004161.000000007FE39000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1893665830.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, is-IIR56.tmp.1.dr, is-U2GGI.tmp.1.dr, is-S8PNU.tmp.1.dr, is-9LFKI.tmp.1.dr, is-42MF6.tmp.1.dr, is-5G8NL.tmp.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: NetSpot.exe, 00000000.00000003.1721639152.000000000288D000.00000004.00001000.00020000.00000000.sdmp, NetSpot.exe, 00000000.00000003.1722004161.000000007FE39000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1893665830.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, is-IIR56.tmp.1.dr, is-U2GGI.tmp.1.dr, is-S8PNU.tmp.1.dr, is-9LFKI.tmp.1.dr, is-42MF6.tmp.1.dr, is-5G8NL.tmp.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: NetSpot.exe, 00000000.00000003.1721639152.000000000288D000.00000004.00001000.00020000.00000000.sdmp, NetSpot.exe, 00000000.00000003.1722004161.000000007FE39000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1893665830.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, is-IIR56.tmp.1.dr, is-U2GGI.tmp.1.dr, is-S8PNU.tmp.1.dr, is-9LFKI.tmp.1.dr, is-42MF6.tmp.1.dr, is-5G8NL.tmp.1.drString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: NetSpot.exe, 00000000.00000003.1721639152.000000000288D000.00000004.00001000.00020000.00000000.sdmp, NetSpot.exe, 00000000.00000003.1722004161.000000007FE39000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1893665830.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, is-IIR56.tmp.1.dr, is-U2GGI.tmp.1.dr, is-S8PNU.tmp.1.dr, is-9LFKI.tmp.1.dr, is-42MF6.tmp.1.dr, is-5G8NL.tmp.1.drString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: NetSpot.exe, 00000004.00000002.4174046261.00000257C5929000.00000004.00000800.00020000.00000000.sdmp, NetSpot.exe, 00000004.00000002.4174046261.00000257C5DBE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/NetSpot;component/views/promowindow.xaml
Source: NetSpot.exe, 00000004.00000002.4253313240.00000257DE4E2000.00000002.00000001.01000000.00000024.sdmpString found in binary or memory: http://james.newtonking.com/projects/json
Source: NetSpot.exe, 00000000.00000003.1721639152.000000000288D000.00000004.00001000.00020000.00000000.sdmp, NetSpot.exe, 00000000.00000003.1722004161.000000007FE39000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1893665830.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, is-IIR56.tmp.1.dr, is-U2GGI.tmp.1.dr, is-S8PNU.tmp.1.dr, is-9LFKI.tmp.1.dr, is-42MF6.tmp.1.dr, is-5G8NL.tmp.1.drString found in binary or memory: http://ocsp.comodoca.com0
Source: NetSpot.exe, 00000000.00000003.1721639152.000000000288D000.00000004.00001000.00020000.00000000.sdmp, NetSpot.exe, 00000000.00000003.1722004161.000000007FE39000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1893665830.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, is-IIR56.tmp.1.dr, is-U2GGI.tmp.1.dr, is-S8PNU.tmp.1.dr, is-9LFKI.tmp.1.dr, is-42MF6.tmp.1.dr, is-5G8NL.tmp.1.drString found in binary or memory: http://ocsp.digicert.com0A
Source: NetSpot.exe, 00000000.00000003.1721639152.000000000288D000.00000004.00001000.00020000.00000000.sdmp, NetSpot.exe, 00000000.00000003.1722004161.000000007FE39000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1893665830.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, is-IIR56.tmp.1.dr, is-U2GGI.tmp.1.dr, is-S8PNU.tmp.1.dr, is-9LFKI.tmp.1.dr, is-42MF6.tmp.1.dr, is-5G8NL.tmp.1.drString found in binary or memory: http://ocsp.digicert.com0C
Source: NetSpot.exe, 00000000.00000003.1721639152.000000000288D000.00000004.00001000.00020000.00000000.sdmp, NetSpot.exe, 00000000.00000003.1722004161.000000007FE39000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1893665830.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, is-IIR56.tmp.1.dr, is-U2GGI.tmp.1.dr, is-S8PNU.tmp.1.dr, is-9LFKI.tmp.1.dr, is-42MF6.tmp.1.dr, is-5G8NL.tmp.1.drString found in binary or memory: http://ocsp.digicert.com0X
Source: NetSpot.exe, 00000000.00000003.1721639152.000000000288D000.00000004.00001000.00020000.00000000.sdmp, NetSpot.exe, 00000000.00000003.1722004161.000000007FE39000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1893665830.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, is-IIR56.tmp.1.dr, is-U2GGI.tmp.1.dr, is-S8PNU.tmp.1.dr, is-9LFKI.tmp.1.dr, is-42MF6.tmp.1.dr, is-5G8NL.tmp.1.drString found in binary or memory: http://ocsp.sectigo.com0
Source: NetSpot.exe, 00000004.00000002.4174046261.00000257C4797000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: NetSpot.exe, 00000004.00000002.4174046261.00000257C41E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: NetSpot.exe, 00000004.00000002.4256324129.00000257E15AE000.00000002.00000001.01000000.00000025.sdmpString found in binary or memory: http://scripts.sil.org/OFLhttp://scripts.sil.org/OFL
Source: NetSpot.exe, 00000004.00000002.4256324129.00000257E15AE000.00000002.00000001.01000000.00000025.sdmpString found in binary or memory: http://scripts.sil.org/OFLhttp://scripts.sil.org/OFLNunito
Source: is-S8PNU.tmp.1.drString found in binary or memory: http://software.es.net/iperf/
Source: NetSpot.exe, 00000000.00000003.1720520051.0000000002640000.00000004.00001000.00020000.00000000.sdmp, NetSpot.exe, 00000000.00000003.1913304682.00000000022F9000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1904111836.000000000381C000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1725051883.00000000034F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.dk-soft.org/
Source: NetSpot.exe, 00000004.00000002.4438110439.00007FFDF0198000.00000008.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.openssl.org/support/faq.html
Source: NetSpot.exe, 00000004.00000002.4438110439.00007FFDF0198000.00000008.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.openssl.org/support/faq.html.
Source: NetSpot.exe, 00000004.00000002.4256324129.00000257E15AE000.00000002.00000001.01000000.00000025.sdmpString found in binary or memory: http://www.sansoxygen.comThis
Source: NetSpot.exe, 00000000.00000003.1913304682.0000000002379000.00000004.00001000.00020000.00000000.sdmp, NetSpot.exe, 00000000.00000003.1720520051.0000000002640000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1908033263.0000000000BE0000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1904111836.000000000376E000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1904111836.00000000036F6000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1725051883.00000000034F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/vs/17/release/vc_redist.x64.exe
Source: NetSpot.exe, 00000000.00000003.1913304682.0000000002379000.00000004.00001000.00020000.00000000.sdmp, NetSpot.exe, 00000000.00000003.1720520051.0000000002640000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1908033263.0000000000BE0000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1904111836.000000000376E000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1904111836.00000000036F6000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1725051883.00000000034F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/vs/17/release/vc_redist.x86.exe
Source: NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://cdn.netspotapp.com/download/NetSpotForWindows/3/UpdateManifest.xml
Source: NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://cdn.netspotapp.com/download/Win/updater/updateManifest3.xml
Source: NetSpot.exe, 00000004.00000002.4174046261.00000257C41E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.netspotapp.com/download/Win/updater/updateManifest3.xml8
Source: NetSpot.exe, 00000004.00000002.4256324129.00000257E15AE000.00000002.00000001.01000000.00000025.sdmpString found in binary or memory: https://github.com/Fonthausen/NunitoSans)Nunito
Source: NetSpot.exe, 00000004.00000002.4253313240.00000257DE4E2000.00000002.00000001.01000000.00000024.sdmpString found in binary or memory: https://github.com/JamesNK/Newtonsoft.Json
Source: is-5G8NL.tmp.1.drString found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf
Source: is-5G8NL.tmp.1.drString found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf8
Source: is-S8PNU.tmp.1.drString found in binary or memory: https://github.com/esnet/iperf
Source: NetSpot.exeString found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: NetSpot.exe, 00000000.00000003.1721639152.000000000288D000.00000004.00001000.00020000.00000000.sdmp, NetSpot.exe, 00000000.00000003.1722004161.000000007FE39000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1893665830.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, is-IIR56.tmp.1.dr, is-U2GGI.tmp.1.dr, is-S8PNU.tmp.1.dr, is-9LFKI.tmp.1.dr, is-42MF6.tmp.1.dr, is-5G8NL.tmp.1.drString found in binary or memory: https://sectigo.com/CPS0
Source: NetSpot.exe, 00000004.00000002.4256324129.00000257DF4F2000.00000002.00000001.01000000.00000025.sdmp, NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmp, NetSpot.exe, 00000004.00000002.4174046261.00000257C41E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://speedtest.netspotapp.com
Source: NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://updates.netspotapp.com
Source: NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://updates.netspotapp.com/
Source: NetSpot.exe, 00000004.00000002.4434209002.00007FFDF00AC000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://updates.netspotapp.com/activator/
Source: NetSpot.exe, 00000004.00000002.4434209002.00007FFDF00AC000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://updates.netspotapp.com/activator/getKeyInfo
Source: NetSpot.exe, 00000004.00000002.4434209002.00007FFDF00AC000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://updates.netspotapp.com/activator/graceBlockeddemoOvergracePeriodSecondsgraceStartedTimegrace
Source: NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://updates.netspotapp.com/changehid/?mp-translate=en
Source: NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://updates.netspotapp.com/recover/?mp-translate=en
Source: NetSpot.exe, 00000004.00000002.4240085998.00000257DDF0D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://updates.netspotapp.com/s
Source: NetSpot.exe, 00000004.00000002.4395625013.00000257E5C9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://updates.netspotapp.com:443/activator/;
Source: NetSpot.exe, 00000000.00000003.1721639152.0000000002780000.00000004.00001000.00020000.00000000.sdmp, NetSpot.exe, 00000000.00000003.1722004161.000000007FB30000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000000.1723569734.0000000000401000.00000020.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.innosetup.com/
Source: NetSpot.exe, 00000004.00000002.4174046261.00000257C5338000.00000004.00000800.00020000.00000000.sdmp, NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmp, NetSpot.exe, 00000004.00000002.4174046261.00000257C4797000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.netspotapp.com
Source: NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://www.netspotapp.com/?utm_nooverride=1
Source: NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://www.netspotapp.com/features.html?utm_source=app_activator&utm_medium=win&utm_campaign=app_ac
Source: NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://www.netspotapp.com/help/
Source: NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmp, NetSpot.exe, 00000004.00000002.4174046261.00000257C4797000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.netspotapp.com/help/?utm_source=appmenu&utm_medium=win&utm_id=app
Source: NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://www.netspotapp.com/help/noise-level/
Source: NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://www.netspotapp.com/help/phy-mode-coverage/
Source: NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://www.netspotapp.com/help/quantity-of-access-points/
Source: NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://www.netspotapp.com/help/signal-level/
Source: NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://www.netspotapp.com/help/signal-to-interference-ratio/
Source: NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://www.netspotapp.com/help/troubleshooting-download-rate/
Source: NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://www.netspotapp.com/help/troubleshooting-noise/
Source: NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://www.netspotapp.com/help/troubleshooting-signal-level/
Source: NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://www.netspotapp.com/help/troubleshooting-sir/
Source: NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://www.netspotapp.com/help/troubleshooting-snr/
Source: NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://www.netspotapp.com/help/troubleshooting-upload-rate/
Source: NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://www.netspotapp.com/help/what-is-download-speed/
Source: NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://www.netspotapp.com/help/what-is-the-frequency-band-coverage-pro/
Source: NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://www.netspotapp.com/help/what-is-the-signal-to-noise/
Source: NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://www.netspotapp.com/help/what-is-upload-speed/
Source: NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://www.netspotapp.com/help/wireless-transmit-rate/
Source: NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://www.netspotapp.com/netspot-enterprise.html
Source: NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://www.netspotapp.com/netspot-enterprise.htmlBSJB
Source: NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmp, NetSpot.exe, 00000004.00000002.4174046261.00000257C4797000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.netspotapp.com/pjf/JsonVersions.json
Source: NetSpot.exe, 00000004.00000002.4174046261.00000257C5338000.00000004.00000800.00020000.00000000.sdmp, NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://www.netspotapp.com/pjf/RouterModels.json
Source: NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://www.netspotapp.com/pjf/WallMaterials.json
Source: NetSpot.exe, 00000004.00000002.4174046261.00000257C5338000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.netspotapp.com/pjf/WallMaterials.json8
Source: NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://www.netspotapp.com/upgrade-netspot-win.html
Source: NetSpot.exe, 00000004.00000002.4174046261.00000257C5338000.00000004.00000800.00020000.00000000.sdmp, NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://www.netspotapp.com/uploads/feedback/submit.php?project=NetSpotWin&utm_nooverride=1
Source: NetSpot.exe, 00000004.00000002.4174046261.00000257C41E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.netspotapp.com/uploads/feedback/submit.php?project=NetSpotWin&utm_nooverride=1n=b77a5c56
Source: NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://www.netspotapp.com/win-purchase-netspot.html
Source: NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://www.netspotapp.com/win-upgrade-to-netspot3.html?utm_source=app_win_activator_upgrade2to3&utm
Source: NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://www.netspotapp.com/win-upgrade-to-netspot3.html?utm_source=app_win_upgradewindow_upgrade2to3
Source: NetSpot.exe, 00000004.00000002.4253313240.00000257DE4E2000.00000002.00000001.01000000.00000024.sdmpString found in binary or memory: https://www.newtonsoft.com/jsonschema
Source: NetSpot.exe, 00000004.00000002.4253313240.00000257DE4E2000.00000002.00000001.01000000.00000024.sdmpString found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
Source: NetSpot.exe, 00000000.00000003.1721639152.0000000002780000.00000004.00001000.00020000.00000000.sdmp, NetSpot.exe, 00000000.00000003.1722004161.000000007FB30000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000000.1723569734.0000000000401000.00000020.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.remobjects.com/ps
Source: NetSpot.tmp, 00000001.00000003.1893665830.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, is-9LFKI.tmp.1.drString found in binary or memory: https://www.sqlite.org/copyright.html2
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
Source: unknownHTTPS traffic detected: 66.135.20.63:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknownHTTPS traffic detected: 66.135.20.63:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknownHTTPS traffic detected: 66.135.20.63:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknownHTTPS traffic detected: 66.135.20.63:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknownHTTPS traffic detected: 66.135.20.63:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknownHTTPS traffic detected: 66.135.20.63:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknownHTTPS traffic detected: 66.135.20.63:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknownHTTPS traffic detected: 66.135.20.63:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknownHTTPS traffic detected: 66.135.20.63:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknownHTTPS traffic detected: 66.135.20.63:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknownHTTPS traffic detected: 66.135.20.63:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknownHTTPS traffic detected: 66.135.20.63:443 -> 192.168.2.4:49759 version: TLS 1.2
Source: unknownHTTPS traffic detected: 66.135.20.63:443 -> 192.168.2.4:49760 version: TLS 1.2
Source: unknownHTTPS traffic detected: 66.135.20.63:443 -> 192.168.2.4:49761 version: TLS 1.2
Source: unknownHTTPS traffic detected: 66.135.20.63:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: NetSpot.tmp.0.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: NetSpot.exe, 00000000.00000003.1721639152.000000000288D000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs NetSpot.exe
Source: NetSpot.exe, 00000000.00000003.1722004161.000000007FE39000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs NetSpot.exe
Source: NetSpot.exe, 00000000.00000003.1913304682.00000000023A8000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs NetSpot.exe
Source: NetSpot.exe, 00000000.00000000.1720157715.00000000004C6000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileName vs NetSpot.exe
Source: NetSpot.exe, 00000004.00000002.4220035426.00000257DCE12000.00000002.00000001.01000000.00000022.sdmpBinary or memory string: OriginalFilenameNetSpot.Predictive.dll8 vs NetSpot.exe
Source: NetSpot.exe, 00000004.00000002.4172742636.00000257C28C2000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: OriginalFilenameNetSpot.Infrastructure.Polices.dll8 vs NetSpot.exe
Source: NetSpot.exe, 00000004.00000002.4220570685.00000257DCE66000.00000002.00000001.01000000.00000023.sdmpBinary or memory string: OriginalFilenameNetSpot.Infrastructure.JsonServices.dll8 vs NetSpot.exe
Source: NetSpot.exe, 00000004.00000002.4173270532.00000257C40E6000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: OriginalFilenameNetSpot.Core.Survey.dll8 vs NetSpot.exe
Source: NetSpot.exe, 00000004.00000002.4214752799.00000257DC902000.00000002.00000001.01000000.0000001F.sdmpBinary or memory string: OriginalFilenameNetSpot.Infrastructure.PredictiveProjectFormat.dll8 vs NetSpot.exe
Source: NetSpot.exe, 00000004.00000002.4173020119.00000257C40B2000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: OriginalFilenameNetSpot.Infrastructure.IperfServices.dll8 vs NetSpot.exe
Source: NetSpot.exe, 00000004.00000002.4173653228.00000257C4146000.00000002.00000001.01000000.0000001B.sdmpBinary or memory string: OriginalFilenameNetSpot.Infrastructure.Engine.dll8 vs NetSpot.exe
Source: NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpBinary or memory string: OriginalFilenameNetSpot.Base.resources.dll8 vs NetSpot.exe
Source: NetSpot.exe, 00000004.00000002.4254728667.00000257DE58E000.00000002.00000001.01000000.00000024.sdmpBinary or memory string: OriginalFilenameNewtonsoft.Json.dll2 vs NetSpot.exe
Source: NetSpot.exe, 00000004.00000002.4256324129.00000257E15AE000.00000002.00000001.01000000.00000025.sdmpBinary or memory string: OriginalFilenameNetSpot.Base.dll8 vs NetSpot.exe
Source: NetSpot.exe, 00000004.00000002.4173101120.00000257C40CA000.00000002.00000001.01000000.00000018.sdmpBinary or memory string: OriginalFilenameNetSpot.Infrastructure.SurveyLegacyProjectFormat.dll8 vs NetSpot.exe
Source: NetSpot.exe, 00000004.00000002.4172785960.00000257C28DC000.00000002.00000001.01000000.00000015.sdmpBinary or memory string: OriginalFilenameNetSpot.Core.Discover.dll8 vs NetSpot.exe
Source: NetSpot.exe, 00000004.00000002.4218747832.00000257DCD4A000.00000002.00000001.01000000.00000021.sdmpBinary or memory string: OriginalFilenameNetSpot.Survey.dll8 vs NetSpot.exe
Source: NetSpot.exe, 00000004.00000002.4173803791.00000257C4182000.00000002.00000001.01000000.0000001C.sdmpBinary or memory string: OriginalFilenameNetSpot.Discover.dll8 vs NetSpot.exe
Source: NetSpot.exe, 00000004.00000002.4172982214.00000257C409E000.00000002.00000001.01000000.00000016.sdmpBinary or memory string: OriginalFilenameNetSpot.Infrastructure.WiFi.dll8 vs NetSpot.exe
Source: NetSpot.exe, 00000004.00000002.4214295776.00000257DC8BB000.00000002.00000001.01000000.0000001D.sdmpBinary or memory string: OriginalFilenameNetSpot.Infrastructure.SurveyProjectFormat.dll8 vs NetSpot.exe
Source: NetSpot.exe, 00000004.00000002.4173545561.00000257C4134000.00000002.00000001.01000000.0000001A.sdmpBinary or memory string: OriginalFilenameNetSpot.Core.Base.dll8 vs NetSpot.exe
Source: NetSpot.exe, 00000004.00000002.4214523327.00000257DC8D2000.00000002.00000001.01000000.0000001E.sdmpBinary or memory string: OriginalFilenameNetSpot.Core.Predictive.dll8 vs NetSpot.exe
Source: NetSpot.exeBinary or memory string: OriginalFileName vs NetSpot.exe
Source: NetSpot.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: classification engineClassification label: clean4.winEXE@5/160@2/1
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpotJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Users\user\AppData\Local\ProgramsJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeMutant created: NULL
Source: C:\Users\user\Desktop\NetSpot.exeFile created: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmpJump to behavior
Source: C:\Users\user\Desktop\NetSpot.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\Desktop\NetSpot.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile read: C:\Program Files\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\NetSpot.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganizationJump to behavior
Source: NetSpot.tmp, 00000001.00000003.1893665830.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, is-9LFKI.tmp.1.drBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: NetSpot.tmp, 00000001.00000003.1893665830.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, is-9LFKI.tmp.1.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: NetSpot.tmp, 00000001.00000003.1893665830.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, is-9LFKI.tmp.1.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: NetSpot.tmp, 00000001.00000003.1893665830.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, is-9LFKI.tmp.1.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: NetSpot.tmp, 00000001.00000003.1893665830.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, is-9LFKI.tmp.1.drBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: NetSpot.tmp, 00000001.00000003.1893665830.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, is-9LFKI.tmp.1.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: NetSpot.tmp, 00000001.00000003.1893665830.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, is-9LFKI.tmp.1.drBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: NetSpot.exeString found in binary or memory: /LOADINF="filename"
Source: C:\Users\user\Desktop\NetSpot.exeFile read: C:\Users\user\Desktop\NetSpot.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\NetSpot.exe "C:\Users\user\Desktop\NetSpot.exe"
Source: C:\Users\user\Desktop\NetSpot.exeProcess created: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp "C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp" /SL5="$1042E,82973157,925184,C:\Users\user\Desktop\NetSpot.exe"
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpProcess created: C:\Program Files\NetSpot\NetSpot.exe "C:\Program Files\NetSpot\NetSpot.exe" -firstrun
Source: C:\Users\user\Desktop\NetSpot.exeProcess created: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp "C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp" /SL5="$1042E,82973157,925184,C:\Users\user\Desktop\NetSpot.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpProcess created: C:\Program Files\NetSpot\NetSpot.exe "C:\Program Files\NetSpot\NetSpot.exe" -firstrunJump to behavior
Source: C:\Users\user\Desktop\NetSpot.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\NetSpot.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\Desktop\NetSpot.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\NetSpot.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\NetSpot.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpSection loaded: winsta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpSection loaded: shfolder.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpSection loaded: rstrtmgr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpSection loaded: explorerframe.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpSection loaded: sfc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpSection loaded: sfc_os.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpSection loaded: linkinfo.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpSection loaded: ntshrui.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpSection loaded: cscapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: version.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: wldp.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: profapi.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: msvcp140_clr0400.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: netutils.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: propsys.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: wlanapi.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: d3d9.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: rasapi32.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: rasman.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: rtutils.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: secur32.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: schannel.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: winsta.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: dataexchange.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: d3d11.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: dcomp.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: resourcepolicyclient.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: dxcore.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: mscms.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: userenv.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: coloradapterclient.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: windowscodecsext.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: icm32.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: msctfui.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: uiautomationcore.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: winmm.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: d3dcompiler_47.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: msimg32.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeSection loaded: webio.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwnerJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpWindow found: window name: TMainFormJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpAutomated click: Next
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\NetSpot\NetSpot.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpotJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\unins000.datJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-M74L2.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-OQL12.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-V7Q4A.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-CIROQ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-24KKF.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-5VC90.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-R0J2V.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-5BG51.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-U2GGI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-N15GE.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-42MF6.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-HQR54.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-5AA03.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-8UH95.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-9GF1O.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-CTAKS.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-3TUDR.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-C3Q8S.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-PLA7C.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-4GPK1.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-MACOH.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-O8J9C.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-JOU0Q.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-NKE6A.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-T7BIU.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-6E58C.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-NNF2R.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-B1NJF.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-3JV3P.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-4ET7L.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-LEMM7.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-SEC79.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-S0F5R.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-TEQCU.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-5G8NL.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-377HG.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\x64Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\x64\is-2KT7S.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\x64\is-QSS20.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\x64\is-S8PNU.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\x64\is-MK85Q.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\x64\is-Q4QCI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\x64\is-9LFKI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\x86Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\x86\is-HC4RP.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\x86\is-OLDS2.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\x86\is-VVTAO.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\x86\is-MLUMD.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\x86\is-SMHRU.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\x86\is-D8NFU.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\x86\is-UFOD4.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\runtimesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\runtimes\win-arm64Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\runtimes\win-arm64\nativeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\runtimes\win-arm64\native\is-UGST8.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\runtimes\win-x64Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\runtimes\win-x64\nativeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\runtimes\win-x64\native\is-IIR56.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\runtimes\win-x86Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\runtimes\win-x86\nativeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\runtimes\win-x86\native\is-D9116.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\deJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\de\is-9IFIE.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\enJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\en\is-JJM2S.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\esJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\es\is-GLJO9.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\frJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\fr\is-CM1JJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\itJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\it\is-S2EDF.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\jaJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\ja\is-6CS50.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\ptJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\pt\is-KTD9U.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\ruJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\ru\is-JL9ET.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-IQU4U.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-33L5D.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-07U2U.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-HRVUR.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\is-B9RJK.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\ResourcesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\Resources\SoundsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\Resources\Sounds\is-0G99Q.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\Resources\Sounds\is-EC700.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDirectory created: C:\Program Files\NetSpot\unins000.msgJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetSpot_is1Jump to behavior
Source: NetSpot.exeStatic PE information: certificate valid
Source: NetSpot.exeStatic file information: File size 83966680 > 1048576
Source: NetSpot.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: \NetSpot 3 (github)\NetSpotPredictivePart\NetSpot.Infrastructure.PredictiveProjectFormat\obj\Release\NetSpot.Infrastructure.PredictiveProjectFormat.pdb source: NetSpot.exe, 00000004.00000002.4214752799.00000257DC902000.00000002.00000001.01000000.0000001F.sdmp
Source: Binary string: \NetSpot 3 (github)\NetSpotCommon\NetSpot.Base\obj\Release\NetSpot.Base.pdb1[ source: NetSpot.exe, 00000004.00000002.4256324129.00000257E15AE000.00000002.00000001.01000000.00000025.sdmp
Source: Binary string: \NetSpot 3 (github)\NetSpotCommon\NetSpot.Infrastructure.WiFi\obj\Release\NetSpot.Infrastructure.WiFi.pdb source: NetSpot.exe, 00000004.00000002.4172935845.00000257C4092000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: D:\a\_work\e\src\out\Release_x64\WebView2Loader.dll.pdb source: is-IIR56.tmp.1.dr
Source: Binary string: \NetSpot 3 (github)\NetSpot\NetSpot.Core.Discover\obj\Release\NetSpot.Core.Discover.pdb source: NetSpot.exe, 00000004.00000002.4172785960.00000257C28D2000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: NetSpot.exe, 00000004.00000002.4253313240.00000257DE4E2000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: \NetSpot 3 (github)\NetSpot\NetSpot.Discover\obj\Release\NetSpot.Discover.pdb source: NetSpot.exe, 00000004.00000002.4173803791.00000257C4182000.00000002.00000001.01000000.0000001C.sdmp
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: NetSpot.exe, 00000004.00000002.4253313240.00000257DE4E2000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: \NetSpot 3 (github)\NetSpotPredictivePart\NetSpot.Infrastructure.Engine\obj\Release\NetSpot.Infrastructure.Engine.pdb source: NetSpot.exe, 00000004.00000002.4173626112.00000257C4142000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: \NetSpot 3 (github)\NetSpot\NetSpot.Core.Survey\obj\Release\NetSpot.Core.Survey.pdb source: NetSpot.exe, 00000004.00000002.4173177175.00000257C40D2000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: \NetSpotActivator (github)\ActivatorProject\bin\x64\Release\Act.pdb source: NetSpot.exe, 00000004.00000002.4434209002.00007FFDF00AC000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: \NetSpot 3 (github)\NetSpot\NetSpot\obj\Release\NetSpot.pdb source: NetSpot.exe, 00000004.00000000.1892323190.00000257C2372000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: symbols\dll\WindowsBase.pdbJsonS` source: NetSpot.exe, 00000004.00000002.4170709898.0000008B32039000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: \NetSpot 3 (github)\NetSpot\NetSpot.Infrastructure.SurveyLegacyProjectFormat\obj\Release\NetSpot.Infrastructure.SurveyLegacyProjectFormat.pdb source: NetSpot.exe, 00000004.00000002.4173067023.00000257C40C2000.00000002.00000001.01000000.00000018.sdmp, is-42MF6.tmp.1.dr
Source: Binary string: C:\Windows\Microsoft.Net\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.pdb source: NetSpot.exe, 00000004.00000002.4170709898.0000008B32039000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: \NetSpot 3 (github)\NetSpotCommon\NetSpot.Core.Base\obj\Release\NetSpot.Core.Base.pdb source: NetSpot.exe, 00000004.00000002.4173391825.00000257C4102000.00000002.00000001.01000000.0000001A.sdmp
Source: Binary string: \NetSpot 3 (github)\NetSpotCommon\NetSpot.Base\obj\Release\NetSpot.Base.pdb source: NetSpot.exe, 00000004.00000002.4256324129.00000257E15AE000.00000002.00000001.01000000.00000025.sdmp
Source: Binary string: tive.pdb source: NetSpot.exe, 00000004.00000002.4170709898.0000008B32039000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: indoC:\Windows\WindowsBase.pdb source: NetSpot.exe, 00000004.00000002.4170709898.0000008B32039000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: WindowsBase.pdb02pot 3 (gitk source: NetSpot.exe, 00000004.00000002.4170709898.0000008B32039000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: \NetSpotPredictive (github)\predictive\x64\Release\Predictive.Interop.pdb source: NetSpot.exe, 00000004.00000002.4440309517.00007FFE1024F000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: \NetSpot 3 (github)\NetSpot\NetSpot.Survey\obj\Release\NetSpot.Survey.pdb source: NetSpot.exe, 00000004.00000002.4217689065.00000257DCCB2000.00000002.00000001.01000000.00000021.sdmp
Source: Binary string: \NetSpot 3 (github)\NetSpotPredictivePart\NetSpot.Core.Predictive\obj\Release\NetSpot.Core.Predictive.pdb source: NetSpot.exe, 00000004.00000002.4214523327.00000257DC8D2000.00000002.00000001.01000000.0000001E.sdmp
Source: Binary string: WindowsBase.pdb source: NetSpot.exe, 00000004.00000002.4170709898.0000008B32039000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\e\src\out\Release_x64\WebView2Loader.dll.pdbOGP source: is-IIR56.tmp.1.dr
Source: Binary string: \NetSpot 3 (github)\NetSpotPredictivePart\NetSpot.Predictive\obj\Release\NetSpot.Predictive.pdb source: NetSpot.exe, 00000004.00000002.4218797950.00000257DCD52000.00000002.00000001.01000000.00000022.sdmp
Source: Binary string: \NetSpot 3 (github)\NetSpotCommon\NetSpot.Infrastructure.Polices\obj\Release\NetSpot.Infrastructure.Polices.pdb source: NetSpot.exe, 00000004.00000002.4172742636.00000257C28C2000.00000002.00000001.01000000.00000014.sdmp, is-U2GGI.tmp.1.dr
Source: Binary string: \NetSpot 3 (github)\NetSpotCommon\NetSpot.Infrastructure.Polices\obj\Release\NetSpot.Infrastructure.Polices.pdbu3 source: NetSpot.exe, 00000004.00000002.4172742636.00000257C28C2000.00000002.00000001.01000000.00000014.sdmp, is-U2GGI.tmp.1.dr
Source: Binary string: .pdbW source: NetSpot.exe, 00000004.00000002.4170709898.0000008B32039000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: 8C:\Windows\WindowsBase.pdb source: NetSpot.exe, 00000004.00000002.4170709898.0000008B32039000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: C:\dev\sqlite\dotnet-private\bin\2015\x64\ReleaseNativeOnlyStatic\SQLite.Interop.pdb source: is-9LFKI.tmp.1.dr
Source: Binary string: WindowsBase.pdbwsBase.pdbpdbase.pdbSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.pdb source: NetSpot.exe, 00000004.00000002.4170709898.0000008B32039000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: \NetSpot 3 (github)\NetSpotPredictivePart\NetSpot.Infrastructure.JsonServices\obj\Release\NetSpot.Infrastructure.JsonServices.pdb source: NetSpot.exe, 00000004.00000002.4220089186.00000257DCE22000.00000002.00000001.01000000.00000023.sdmp
Source: Binary string: E:\A\_work\39\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Numerics.Vectors/net46\System.Numerics.Vectors.pdb source: is-5G8NL.tmp.1.dr
Source: Binary string: \NetSpot 3 (github)\NetSpot\NetSpot.Survey\obj\Release\NetSpot.Survey.pdbG source: NetSpot.exe, 00000004.00000002.4217689065.00000257DCCB2000.00000002.00000001.01000000.00000021.sdmp
Source: Binary string: \NetSpot 3 (github)\NetSpot\NetSpot.Infrastructure.SurveyLegacyProjectFormat\obj\Release\NetSpot.Infrastructure.SurveyLegacyProjectFormat.pdb{ source: NetSpot.exe, 00000004.00000002.4173067023.00000257C40C2000.00000002.00000001.01000000.00000018.sdmp, is-42MF6.tmp.1.dr
Source: Binary string: \NetSpot 3 (github)\NetSpot\NetSpot.Infrastructure.SurveyProjectFormat\obj\Release\NetSpot.Infrastructure.SurveyProjectFormat.pdb source: NetSpot.exe, 00000004.00000002.4214295776.00000257DC8BB000.00000002.00000001.01000000.0000001D.sdmp
Source: Binary string: C:\dev\sqlite\dotnet-private\bin\2015\Win32\ReleaseNativeOnlyStatic\SQLite.Interop.pdb source: NetSpot.tmp, 00000001.00000003.1893665830.00000000051E0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: \NetSpot 3 (github)\NetSpot\NetSpot.Infrastructure.IperfServices\obj\Release\NetSpot.Infrastructure.IperfServices.pdb source: NetSpot.exe, 00000004.00000002.4173020119.00000257C40B2000.00000002.00000001.01000000.00000017.sdmp
Source: is-U2GGI.tmp.1.drStatic PE information: 0x9BEA9131 [Thu Nov 21 22:31:13 2052 UTC]
Source: NetSpot.exeStatic PE information: section name: .didata
Source: NetSpot.tmp.0.drStatic PE information: section name: .didata
Source: is-CTAKS.tmp.1.drStatic PE information: section name: .text entropy: 7.082414513362637
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\is-SEC79.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\x64\is-MK85Q.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\x86\is-D8NFU.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\is-O8J9C.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\is-JOU0Q.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\MuPDFCore.NativeAssets.Win-arm64.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\NetSpot.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\is-NNF2R.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\NetSpot.Core.Survey.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\is-HQR54.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\runtimes\win-x64\native\WebView2Loader.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\NetSpot.Base.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\x86\is-UFOD4.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\is-6E58C.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\ru\NetSpot.Base.resources.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\en\NetSpot.Base.resources.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\is-C3Q8S.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\is-377HG.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\x64\SQLite.Interop.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\runtimes\win-x86\native\WebView2Loader.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\x86\SQLite.Interop.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\x86\cygwin1.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\fr\is-CM1JJ.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\MuPDFCore.NativeAssets.Win-x64.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\x86\is-VVTAO.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\NetSpot.Core.Base.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\it\NetSpot.Base.resources.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\NetSpot.Core.Predictive.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\NetSpot.Infrastructure.Engine.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\Microsoft.Web.WebView2.Wpf.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\x64\is-9LFKI.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\System.Data.SQLite.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Users\user\AppData\Local\Temp\is-OUV8N.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\x64\MuPDFWrapper.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\is-B1NJF.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\x64\Predictive.Interop.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\is-3TUDR.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\is-24KKF.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\en\is-JJM2S.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\NetSpot.Infrastructure.UniversalProjectFormat.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\ja\NetSpot.Base.resources.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\is-MACOH.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\Microsoft.WindowsAPICodePack.Shell.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\x86\iperf3.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\ITextSharp.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\x64\Act.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\is-R0J2V.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\NetSpot.Core.Discover.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\x86\is-HC4RP.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\is-NKE6A.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\System.Runtime.CompilerServices.Unsafe.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\ru\is-JL9ET.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\runtimes\win-x64\native\is-IIR56.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\NetSpot.Survey.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\it\is-S2EDF.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\pt\NetSpot.Base.resources.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\NetSpot.Infrastructure.SurveyProjectFormat.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\NetSpot.Infrastructure.JsonServices.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\Microsoft.Web.WebView2.Core.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\NetSpot.Infrastructure.SurveyLegacyProjectFormat.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\is-M74L2.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\is-3JV3P.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\is-PLA7C.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\MuPDFCore.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\MuPDFCore.NativeAssets.Win-x86.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\is-OQL12.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\is-5G8NL.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\x64\cygwin1.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\Microsoft.Web.WebView2.WinForms.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\is-N15GE.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\x86\MuPDFWrapper.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\is-T7BIU.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\Microsoft.WindowsAPICodePack.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\is-4GPK1.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\es\NetSpot.Base.resources.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\x86\is-OLDS2.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\NetSpot.Infrastructure.PredictiveProjectFormat.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\pt\is-KTD9U.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\x86\Act.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\is-CTAKS.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\Newtonsoft.Json.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\System.Numerics.Vectors.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\is-LEMM7.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\x86\is-MLUMD.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\x64\iperf3.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\is-5VC90.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\runtimes\win-arm64\native\WebView2Loader.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\ja\is-6CS50.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\runtimes\win-x86\native\is-D9116.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\NetSpot.Infrastructure.Polices.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\is-42MF6.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\x64\is-S8PNU.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\x64\is-2KT7S.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\is-TEQCU.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\fr\NetSpot.Base.resources.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\is-9GF1O.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\is-4ET7L.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\is-CIROQ.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\System.Memory.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\NetSpot.Discover.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\NetSpot.Infrastructure.WiFi.dll (copy)Jump to dropped file
Source: C:\Users\user\Desktop\NetSpot.exeFile created: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\x64\is-Q4QCI.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\x86\is-SMHRU.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\x86\cyggcc_s-1.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\System.Buffers.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\de\NetSpot.Base.resources.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\x86\Predictive.Interop.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\is-8UH95.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\de\is-9IFIE.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\is-5AA03.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\is-U2GGI.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\is-S0F5R.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\BouncyCastle.Crypto.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\is-V7Q4A.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\x64\is-QSS20.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\NetSpot.Predictive.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\is-5BG51.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\unins000.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\runtimes\win-arm64\native\is-UGST8.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\NetSpot.Infrastructure.IperfServices.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\Program Files\NetSpot\es\is-GLJO9.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetSpotJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetSpot\NetSpot.lnkJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetSpot\Uninstall NetSpot.lnkJump to behavior
Source: C:\Users\user\Desktop\NetSpot.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeMemory allocated: 257C2710000 memory reserve | memory write watchJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeMemory allocated: 257DC1E0000 memory reserve | memory write watchJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeWindow / User API: threadDelayed 5465Jump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeWindow / User API: threadDelayed 4318Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\is-SEC79.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\x64\is-MK85Q.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\x86\is-D8NFU.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\is-O8J9C.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\MuPDFCore.NativeAssets.Win-arm64.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\is-JOU0Q.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\is-NNF2R.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\NetSpot.Core.Survey.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\is-HQR54.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\runtimes\win-x64\native\WebView2Loader.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\NetSpot.Base.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\x86\is-UFOD4.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\is-6E58C.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\ru\NetSpot.Base.resources.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\en\NetSpot.Base.resources.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\is-C3Q8S.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\is-377HG.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\x64\SQLite.Interop.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\runtimes\win-x86\native\WebView2Loader.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\x86\SQLite.Interop.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\x86\cygwin1.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\fr\is-CM1JJ.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\MuPDFCore.NativeAssets.Win-x64.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\x86\is-VVTAO.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\NetSpot.Core.Base.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\it\NetSpot.Base.resources.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\NetSpot.Core.Predictive.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\NetSpot.Infrastructure.Engine.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\Microsoft.Web.WebView2.Wpf.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\x64\is-9LFKI.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\System.Data.SQLite.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\x64\MuPDFWrapper.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-OUV8N.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\is-B1NJF.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\x64\Predictive.Interop.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\is-3TUDR.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\is-24KKF.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\ja\NetSpot.Base.resources.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\NetSpot.Infrastructure.UniversalProjectFormat.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\en\is-JJM2S.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\Microsoft.WindowsAPICodePack.Shell.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\is-MACOH.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\x86\iperf3.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\ITextSharp.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\x64\Act.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\is-R0J2V.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\NetSpot.Core.Discover.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\x86\is-HC4RP.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\System.Runtime.CompilerServices.Unsafe.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\is-NKE6A.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\ru\is-JL9ET.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\runtimes\win-x64\native\is-IIR56.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\NetSpot.Survey.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\it\is-S2EDF.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\pt\NetSpot.Base.resources.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\NetSpot.Infrastructure.SurveyProjectFormat.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\NetSpot.Infrastructure.JsonServices.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\Microsoft.Web.WebView2.Core.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\NetSpot.Infrastructure.SurveyLegacyProjectFormat.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\is-3JV3P.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\MuPDFCore.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\MuPDFCore.NativeAssets.Win-x86.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\is-OQL12.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\is-5G8NL.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\x64\cygwin1.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\Microsoft.Web.WebView2.WinForms.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\x86\MuPDFWrapper.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\is-N15GE.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\is-T7BIU.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\Microsoft.WindowsAPICodePack.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\es\NetSpot.Base.resources.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\is-4GPK1.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\x86\is-OLDS2.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\NetSpot.Infrastructure.PredictiveProjectFormat.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\x86\Act.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\pt\is-KTD9U.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\Newtonsoft.Json.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\is-CTAKS.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\System.Numerics.Vectors.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\is-LEMM7.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\x86\is-MLUMD.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\x64\iperf3.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\is-5VC90.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\runtimes\win-arm64\native\WebView2Loader.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\ja\is-6CS50.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\NetSpot.Infrastructure.Polices.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\runtimes\win-x86\native\is-D9116.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\is-42MF6.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\x64\is-S8PNU.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\x64\is-2KT7S.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\fr\NetSpot.Base.resources.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\is-TEQCU.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\is-9GF1O.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\is-4ET7L.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\is-CIROQ.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\System.Memory.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\NetSpot.Discover.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\NetSpot.Infrastructure.WiFi.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\x64\is-Q4QCI.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\x86\is-SMHRU.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\x86\cyggcc_s-1.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\System.Buffers.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\de\NetSpot.Base.resources.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\x86\Predictive.Interop.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\is-8UH95.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\de\is-9IFIE.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\is-5AA03.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\is-U2GGI.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\is-S0F5R.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\BouncyCastle.Crypto.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\x64\is-QSS20.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\is-V7Q4A.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\NetSpot.Predictive.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\is-5BG51.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\runtimes\win-arm64\native\is-UGST8.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\NetSpot.Infrastructure.IperfServices.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpDropped PE file which has not been started: C:\Program Files\NetSpot\es\is-GLJO9.tmpJump to dropped file
Source: C:\Program Files\NetSpot\NetSpot.exe TID: 5324Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exe TID: 5440Thread sleep time: -18446744073709540s >= -30000sJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: NetSpot.tmp, 00000001.00000003.1910204757.0000000000A1F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: NetSpot.exe, 00000004.00000002.4174046261.00000257C41E1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware, Inc.
Source: NetSpot.exe, 00000004.00000002.4386028136.00000257E5940000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: NetSpot.exe, 00000004.00000002.4215739116.00000257DCA70000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWPz
Source: NetSpot.exe, 00000004.00000002.4386028136.00000257E5940000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWyaRegulardv
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpProcess information queried: ProcessInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeProcess token adjusted: DebugJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeMemory allocated: page read and write | page guardJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmpQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Program Files\NetSpot\NetSpot.exe VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Program Files\NetSpot\NetSpot.Base.dll VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Program Files\NetSpot\NetSpot.Core.Base.dll VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Program Files\NetSpot\NetSpot.Discover.dll VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Program Files\NetSpot\NetSpot.Survey.dll VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Program Files\NetSpot\NetSpot.Predictive.dll VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Program Files\NetSpot\NetSpot.Infrastructure.WiFi.dll VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Program Files\NetSpot\NetSpot.Infrastructure.Polices.dll VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Program Files\NetSpot\NetSpot.Core.Discover.dll VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Program Files\NetSpot\NetSpot.Core.Survey.dll VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Program Files\NetSpot\NetSpot.Infrastructure.IperfServices.dll VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Program Files\NetSpot\NetSpot.Infrastructure.SurveyProjectFormat.dll VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Program Files\NetSpot\NetSpot.Core.Predictive.dll VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Program Files\NetSpot\NetSpot.Infrastructure.Engine.dll VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Program Files\NetSpot\NetSpot.Infrastructure.JsonServices.dll VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Program Files\NetSpot\en\NetSpot.Base.resources.dll VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Users\user\AppData\Roaming\Etwok\NetSpot 3\Temp\Survey\ZonePreviewImage_1_1.png VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Users\user\AppData\Roaming\Etwok\NetSpot 3\Temp\Survey\ZonePreviewImage_1_2.png VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Users\user\AppData\Roaming\Etwok\NetSpot 3\Temp\Survey\ZonePreviewImage_2_1.png VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Users\user\AppData\Roaming\Etwok\NetSpot 3\Temp\Survey\ZonePreviewImage_2_2.png VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Users\user\AppData\Roaming\Etwok\NetSpot 3\Temp\Survey\ZonePreviewImage_2_3.png VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Users\user\AppData\Roaming\Etwok\NetSpot 3\Temp\Predictive\ZonePreviewImage_1_1.png VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Program Files\NetSpot\Newtonsoft.Json.dll VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemData\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemData.dll VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemCore\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemCore.dll VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
Source: C:\Program Files\NetSpot\NetSpot.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
Command and Scripting Interpreter		1
Windows Service		1
Windows Service		3
Masquerading		OS Credential Dumping1
Security Software Discovery		Remote Services1
Archive Collected Data		1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
Registry Run Keys / Startup Folder		1
Process Injection		1
Disable or Modify Tools		LSASS Memory1
Process Discovery		Remote Desktop ProtocolData from Removable Media1
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAt1
DLL Side-Loading		1
Registry Run Keys / Startup Folder		32
Virtualization/Sandbox Evasion		Security Account Manager32
Virtualization/Sandbox Evasion		SMB/Windows Admin SharesData from Network Shared Drive3
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
DLL Side-Loading		1
Process Injection		NTDS1
Application Window Discovery		Distributed Component Object ModelInput Capture4
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
Obfuscated Files or Information		LSA Secrets2
System Owner/User Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
Software Packing		Cached Domain Credentials1
File and Directory Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
Timestomp		DCSync12
System Information Discovery		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
DLL Side-Loading		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
NetSpot.exe0%ReversingLabs
NetSpot.exe0%VirustotalBrowse

Dropped Files

SourceDetectionScannerLabelLink
C:\Program Files\NetSpot\BouncyCastle.Crypto.dll (copy)0%ReversingLabs
C:\Program Files\NetSpot\ITextSharp.dll (copy)0%ReversingLabs
C:\Program Files\NetSpot\Microsoft.Web.WebView2.Core.dll (copy)0%ReversingLabs
C:\Program Files\NetSpot\Microsoft.Web.WebView2.WinForms.dll (copy)0%ReversingLabs
C:\Program Files\NetSpot\Microsoft.Web.WebView2.Wpf.dll (copy)0%ReversingLabs
C:\Program Files\NetSpot\Microsoft.WindowsAPICodePack.Shell.dll (copy)0%ReversingLabs
C:\Program Files\NetSpot\Microsoft.WindowsAPICodePack.dll (copy)0%ReversingLabs
C:\Program Files\NetSpot\MuPDFCore.NativeAssets.Win-arm64.dll (copy)0%ReversingLabs
C:\Program Files\NetSpot\MuPDFCore.NativeAssets.Win-x64.dll (copy)0%ReversingLabs
C:\Program Files\NetSpot\MuPDFCore.NativeAssets.Win-x86.dll (copy)0%ReversingLabs
C:\Program Files\NetSpot\MuPDFCore.dll (copy)0%ReversingLabs
C:\Program Files\NetSpot\NetSpot.Base.dll (copy)0%ReversingLabs
C:\Program Files\NetSpot\NetSpot.Core.Base.dll (copy)0%ReversingLabs
C:\Program Files\NetSpot\NetSpot.Core.Discover.dll (copy)0%ReversingLabs
C:\Program Files\NetSpot\NetSpot.Core.Predictive.dll (copy)0%ReversingLabs
C:\Program Files\NetSpot\NetSpot.Core.Survey.dll (copy)0%ReversingLabs
C:\Program Files\NetSpot\NetSpot.Discover.dll (copy)0%ReversingLabs
C:\Program Files\NetSpot\NetSpot.Infrastructure.Engine.dll (copy)0%ReversingLabs
C:\Program Files\NetSpot\NetSpot.Infrastructure.IperfServices.dll (copy)0%ReversingLabs
C:\Program Files\NetSpot\NetSpot.Infrastructure.JsonServices.dll (copy)0%ReversingLabs
C:\Program Files\NetSpot\NetSpot.Infrastructure.Polices.dll (copy)0%ReversingLabs
C:\Program Files\NetSpot\NetSpot.Infrastructure.PredictiveProjectFormat.dll (copy)0%ReversingLabs
C:\Program Files\NetSpot\NetSpot.Infrastructure.SurveyLegacyProjectFormat.dll (copy)0%ReversingLabs
C:\Program Files\NetSpot\NetSpot.Infrastructure.SurveyProjectFormat.dll (copy)0%ReversingLabs
C:\Program Files\NetSpot\NetSpot.Infrastructure.UniversalProjectFormat.dll (copy)0%ReversingLabs
C:\Program Files\NetSpot\NetSpot.Infrastructure.WiFi.dll (copy)0%ReversingLabs
C:\Program Files\NetSpot\NetSpot.Predictive.dll (copy)0%ReversingLabs
C:\Program Files\NetSpot\NetSpot.Survey.dll (copy)0%ReversingLabs
C:\Program Files\NetSpot\NetSpot.exe (copy)0%ReversingLabs
C:\Program Files\NetSpot\Newtonsoft.Json.dll (copy)0%ReversingLabs
C:\Program Files\NetSpot\System.Buffers.dll (copy)0%ReversingLabs
C:\Program Files\NetSpot\System.Data.SQLite.dll (copy)0%ReversingLabs
C:\Program Files\NetSpot\System.Memory.dll (copy)0%ReversingLabs
C:\Program Files\NetSpot\System.Numerics.Vectors.dll (copy)0%ReversingLabs
C:\Program Files\NetSpot\System.Runtime.CompilerServices.Unsafe.dll (copy)0%ReversingLabs
C:\Program Files\NetSpot\de\NetSpot.Base.resources.dll (copy)0%ReversingLabs
C:\Program Files\NetSpot\de\is-9IFIE.tmp0%ReversingLabs
C:\Program Files\NetSpot\en\NetSpot.Base.resources.dll (copy)0%ReversingLabs
C:\Program Files\NetSpot\en\is-JJM2S.tmp0%ReversingLabs
C:\Program Files\NetSpot\es\NetSpot.Base.resources.dll (copy)0%ReversingLabs
C:\Program Files\NetSpot\es\is-GLJO9.tmp0%ReversingLabs
C:\Program Files\NetSpot\fr\NetSpot.Base.resources.dll (copy)0%ReversingLabs
C:\Program Files\NetSpot\fr\is-CM1JJ.tmp0%ReversingLabs
C:\Program Files\NetSpot\is-24KKF.tmp0%ReversingLabs
C:\Program Files\NetSpot\is-377HG.tmp0%ReversingLabs
C:\Program Files\NetSpot\is-3JV3P.tmp0%ReversingLabs
C:\Program Files\NetSpot\is-3TUDR.tmp0%ReversingLabs
C:\Program Files\NetSpot\is-42MF6.tmp0%ReversingLabs
C:\Program Files\NetSpot\is-4ET7L.tmp0%ReversingLabs
C:\Program Files\NetSpot\is-4GPK1.tmp0%ReversingLabs
C:\Program Files\NetSpot\is-5AA03.tmp0%ReversingLabs
C:\Program Files\NetSpot\is-5BG51.tmp0%ReversingLabs
C:\Program Files\NetSpot\is-5G8NL.tmp0%ReversingLabs
C:\Program Files\NetSpot\is-5VC90.tmp0%ReversingLabs
C:\Program Files\NetSpot\is-6E58C.tmp0%ReversingLabs
C:\Program Files\NetSpot\is-8UH95.tmp0%ReversingLabs
C:\Program Files\NetSpot\is-9GF1O.tmp0%ReversingLabs
C:\Program Files\NetSpot\is-B1NJF.tmp0%ReversingLabs
C:\Program Files\NetSpot\is-C3Q8S.tmp0%ReversingLabs
C:\Program Files\NetSpot\is-CIROQ.tmp0%ReversingLabs
C:\Program Files\NetSpot\is-CTAKS.tmp0%ReversingLabs
C:\Program Files\NetSpot\is-HQR54.tmp0%ReversingLabs
C:\Program Files\NetSpot\is-JOU0Q.tmp0%ReversingLabs
C:\Program Files\NetSpot\is-LEMM7.tmp0%ReversingLabs
C:\Program Files\NetSpot\is-M74L2.tmp0%ReversingLabs
C:\Program Files\NetSpot\is-MACOH.tmp0%ReversingLabs
C:\Program Files\NetSpot\is-N15GE.tmp0%ReversingLabs
C:\Program Files\NetSpot\is-NKE6A.tmp0%ReversingLabs
C:\Program Files\NetSpot\is-NNF2R.tmp0%ReversingLabs
C:\Program Files\NetSpot\is-O8J9C.tmp0%ReversingLabs
C:\Program Files\NetSpot\is-OQL12.tmp0%ReversingLabs
C:\Program Files\NetSpot\is-PLA7C.tmp0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl00%URL Reputationsafe
http://ocsp.sectigo.com00%URL Reputationsafe
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#0%URL Reputationsafe
http://www.openssl.org/support/faq.html0%URL Reputationsafe
https://www.remobjects.com/ps0%URL Reputationsafe
https://www.innosetup.com/0%URL Reputationsafe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
https://sectigo.com/CPS00%URL Reputationsafe
http://schemas.xmlsoap.org/soap/encoding/0%URL Reputationsafe
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#0%URL Reputationsafe
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
www.netspotapp.com
66.135.20.63
truefalse
    		unknown
    updates.netspotapp.com
    		66.135.20.63
    		truefalse
      		unknown

      Contacted URLs

      NameMaliciousAntivirus DetectionReputation
      https://www.netspotapp.com/pjf/WallMaterials.jsonfalse
        		unknown
        https://www.netspotapp.com/pjf/JsonVersions.jsonfalse
          		unknown
          https://www.netspotapp.com/pjf/RouterModels.jsonfalse
            		unknown
            https://updates.netspotapp.com/activator/false
              		unknown

              URLs from Memory and Binaries

              NameSourceMaliciousAntivirus DetectionReputation
              https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupUNetSpot.exefalse
                		unknown
                https://www.netspotapp.comNetSpot.exe, 00000004.00000002.4174046261.00000257C5338000.00000004.00000800.00020000.00000000.sdmp, NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmp, NetSpot.exe, 00000004.00000002.4174046261.00000257C4797000.00000004.00000800.00020000.00000000.sdmpfalse
                  		unknown
                  http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0NetSpot.exe, 00000000.00000003.1721639152.000000000288D000.00000004.00001000.00020000.00000000.sdmp, NetSpot.exe, 00000000.00000003.1722004161.000000007FE39000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1893665830.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, is-IIR56.tmp.1.dr, is-U2GGI.tmp.1.dr, is-S8PNU.tmp.1.dr, is-9LFKI.tmp.1.dr, is-42MF6.tmp.1.dr, is-5G8NL.tmp.1.drfalse
                  • URL Reputation: safe
                  		unknown
                  http://ocsp.sectigo.com0NetSpot.exe, 00000000.00000003.1721639152.000000000288D000.00000004.00001000.00020000.00000000.sdmp, NetSpot.exe, 00000000.00000003.1722004161.000000007FE39000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1893665830.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, is-IIR56.tmp.1.dr, is-U2GGI.tmp.1.dr, is-S8PNU.tmp.1.dr, is-9LFKI.tmp.1.dr, is-42MF6.tmp.1.dr, is-5G8NL.tmp.1.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://www.netspotapp.com/help/wireless-transmit-rate/NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpfalse
                    		unknown
                    https://github.com/esnet/iperfis-S8PNU.tmp.1.drfalse
                      		unknown
                      https://www.netspotapp.com/help/troubleshooting-snr/NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpfalse
                        		unknown
                        https://www.netspotapp.com/uploads/feedback/submit.php?project=NetSpotWin&utm_nooverride=1n=b77a5c56NetSpot.exe, 00000004.00000002.4174046261.00000257C41E1000.00000004.00000800.00020000.00000000.sdmpfalse
                          		unknown
                          https://www.netspotapp.com/help/what-is-download-speed/NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpfalse
                            		unknown
                            https://github.com/Fonthausen/NunitoSans)NunitoNetSpot.exe, 00000004.00000002.4256324129.00000257E15AE000.00000002.00000001.01000000.00000025.sdmpfalse
                              		unknown
                              https://www.netspotapp.com/help/troubleshooting-upload-rate/NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpfalse
                                		unknown
                                http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#NetSpot.exe, 00000000.00000003.1721639152.000000000288D000.00000004.00001000.00020000.00000000.sdmp, NetSpot.exe, 00000000.00000003.1722004161.000000007FE39000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1893665830.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, is-IIR56.tmp.1.dr, is-U2GGI.tmp.1.dr, is-S8PNU.tmp.1.dr, is-9LFKI.tmp.1.dr, is-42MF6.tmp.1.dr, is-5G8NL.tmp.1.drfalse
                                • URL Reputation: safe
                                		unknown
                                https://updates.netspotapp.com/sNetSpot.exe, 00000004.00000002.4240085998.00000257DDF0D000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		unknown
                                  https://www.netspotapp.com/help/signal-to-interference-ratio/NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpfalse
                                    		unknown
                                    https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbfis-5G8NL.tmp.1.drfalse
                                      		unknown
                                      https://www.netspotapp.com/pjf/WallMaterials.json8NetSpot.exe, 00000004.00000002.4174046261.00000257C5338000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		unknown
                                        http://www.sansoxygen.comThisNetSpot.exe, 00000004.00000002.4256324129.00000257E15AE000.00000002.00000001.01000000.00000025.sdmpfalse
                                          		unknown
                                          https://www.netspotapp.com/help/troubleshooting-noise/NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpfalse
                                            		unknown
                                            http://www.openssl.org/support/faq.html.NetSpot.exe, 00000004.00000002.4438110439.00007FFDF0198000.00000008.00000001.01000000.00000012.sdmpfalse
                                              		unknown
                                              https://www.netspotapp.com/help/what-is-the-signal-to-noise/NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpfalse
                                                		unknown
                                                https://www.netspotapp.com/win-purchase-netspot.htmlNetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpfalse
                                                  		unknown
                                                  http://www.openssl.org/support/faq.htmlNetSpot.exe, 00000004.00000002.4438110439.00007FFDF0198000.00000008.00000001.01000000.00000012.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://cdn.netspotapp.com/download/Win/updater/updateManifest3.xml8NetSpot.exe, 00000004.00000002.4174046261.00000257C41E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    https://aka.ms/vs/17/release/vc_redist.x64.exeNetSpot.exe, 00000000.00000003.1913304682.0000000002379000.00000004.00001000.00020000.00000000.sdmp, NetSpot.exe, 00000000.00000003.1720520051.0000000002640000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1908033263.0000000000BE0000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1904111836.000000000376E000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1904111836.00000000036F6000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1725051883.00000000034F0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      http://scripts.sil.org/OFLhttp://scripts.sil.org/OFLNunitoNetSpot.exe, 00000004.00000002.4256324129.00000257E15AE000.00000002.00000001.01000000.00000025.sdmpfalse
                                                        		unknown
                                                        https://www.netspotapp.com/features.html?utm_source=app_activator&utm_medium=win&utm_campaign=app_acNetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpfalse
                                                          		unknown
                                                          https://www.netspotapp.com/netspot-enterprise.htmlNetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpfalse
                                                            		unknown
                                                            https://www.netspotapp.com/upgrade-netspot-win.htmlNetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpfalse
                                                              		unknown
                                                              https://www.remobjects.com/psNetSpot.exe, 00000000.00000003.1721639152.0000000002780000.00000004.00001000.00020000.00000000.sdmp, NetSpot.exe, 00000000.00000003.1722004161.000000007FB30000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000000.1723569734.0000000000401000.00000020.00000001.01000000.00000004.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              http://defaultcontainer/NetSpot;component/views/promowindow.xamlNetSpot.exe, 00000004.00000002.4174046261.00000257C5929000.00000004.00000800.00020000.00000000.sdmp, NetSpot.exe, 00000004.00000002.4174046261.00000257C5DBE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		unknown
                                                                https://www.innosetup.com/NetSpot.exe, 00000000.00000003.1721639152.0000000002780000.00000004.00001000.00020000.00000000.sdmp, NetSpot.exe, 00000000.00000003.1722004161.000000007FB30000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000000.1723569734.0000000000401000.00000020.00000001.01000000.00000004.sdmpfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                https://www.netspotapp.com/netspot-enterprise.htmlBSJBNetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpfalse
                                                                  		unknown
                                                                  https://updates.netspotapp.com:443/activator/;NetSpot.exe, 00000004.00000002.4395625013.00000257E5C9F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		unknown
                                                                    https://www.netspotapp.com/help/?utm_source=appmenu&utm_medium=win&utm_id=appNetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmp, NetSpot.exe, 00000004.00000002.4174046261.00000257C4797000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		unknown
                                                                      https://www.netspotapp.com/help/noise-level/NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpfalse
                                                                        		unknown
                                                                        http://scripts.sil.org/OFLhttp://scripts.sil.org/OFLNetSpot.exe, 00000004.00000002.4256324129.00000257E15AE000.00000002.00000001.01000000.00000025.sdmpfalse
                                                                          		unknown
                                                                          https://www.netspotapp.com/help/what-is-upload-speed/NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpfalse
                                                                            		unknown
                                                                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameNetSpot.exe, 00000004.00000002.4174046261.00000257C41E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            https://cdn.netspotapp.com/download/Win/updater/updateManifest3.xmlNetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpfalse
                                                                              		unknown
                                                                              https://updates.netspotapp.com/changehid/?mp-translate=enNetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpfalse
                                                                                		unknown
                                                                                https://www.netspotapp.com/?utm_nooverride=1NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpfalse
                                                                                  		unknown
                                                                                  https://www.netspotapp.com/win-upgrade-to-netspot3.html?utm_source=app_win_upgradewindow_upgrade2to3NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpfalse
                                                                                    		unknown
                                                                                    https://www.netspotapp.com/help/what-is-the-frequency-band-coverage-pro/NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpfalse
                                                                                      		unknown
                                                                                      https://github.com/JamesNK/Newtonsoft.JsonNetSpot.exe, 00000004.00000002.4253313240.00000257DE4E2000.00000002.00000001.01000000.00000024.sdmpfalse
                                                                                        		unknown
                                                                                        https://sectigo.com/CPS0NetSpot.exe, 00000000.00000003.1721639152.000000000288D000.00000004.00001000.00020000.00000000.sdmp, NetSpot.exe, 00000000.00000003.1722004161.000000007FE39000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1893665830.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, is-IIR56.tmp.1.dr, is-U2GGI.tmp.1.dr, is-S8PNU.tmp.1.dr, is-9LFKI.tmp.1.dr, is-42MF6.tmp.1.dr, is-5G8NL.tmp.1.drfalse
                                                                                        • URL Reputation: safe
                                                                                        		unknown
                                                                                        https://updates.netspotapp.com/recover/?mp-translate=enNetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpfalse
                                                                                          		unknown
                                                                                          http://schemas.xmlsoap.org/soap/encoding/NetSpot.exe, 00000004.00000002.4174046261.00000257C4797000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          		unknown
                                                                                          https://www.netspotapp.com/help/signal-level/NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpfalse
                                                                                            		unknown
                                                                                            https://www.netspotapp.com/help/NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpfalse
                                                                                              		unknown
                                                                                              https://updates.netspotapp.com/NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpfalse
                                                                                                		unknown
                                                                                                http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#NetSpot.exe, 00000000.00000003.1721639152.000000000288D000.00000004.00001000.00020000.00000000.sdmp, NetSpot.exe, 00000000.00000003.1722004161.000000007FE39000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1893665830.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, is-IIR56.tmp.1.dr, is-U2GGI.tmp.1.dr, is-S8PNU.tmp.1.dr, is-9LFKI.tmp.1.dr, is-42MF6.tmp.1.dr, is-5G8NL.tmp.1.drfalse
                                                                                                • URL Reputation: safe
                                                                                                		unknown
                                                                                                https://www.netspotapp.com/help/troubleshooting-sir/NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpfalse
                                                                                                  		unknown
                                                                                                  https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf8is-5G8NL.tmp.1.drfalse
                                                                                                    		unknown
                                                                                                    https://www.sqlite.org/copyright.html2NetSpot.tmp, 00000001.00000003.1893665830.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, is-9LFKI.tmp.1.drfalse
                                                                                                      		unknown
                                                                                                      http://james.newtonking.com/projects/jsonNetSpot.exe, 00000004.00000002.4253313240.00000257DE4E2000.00000002.00000001.01000000.00000024.sdmpfalse
                                                                                                        		unknown
                                                                                                        https://www.netspotapp.com/help/quantity-of-access-points/NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpfalse
                                                                                                          		unknown
                                                                                                          https://updates.netspotapp.com/activator/getKeyInfoNetSpot.exe, 00000004.00000002.4434209002.00007FFDF00AC000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                            		unknown
                                                                                                            http://www.dk-soft.org/NetSpot.exe, 00000000.00000003.1720520051.0000000002640000.00000004.00001000.00020000.00000000.sdmp, NetSpot.exe, 00000000.00000003.1913304682.00000000022F9000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1904111836.000000000381C000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1725051883.00000000034F0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                              		unknown
                                                                                                              https://updates.netspotapp.com/activator/graceBlockeddemoOvergracePeriodSecondsgraceStartedTimegraceNetSpot.exe, 00000004.00000002.4434209002.00007FFDF00AC000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                		unknown
                                                                                                                https://www.netspotapp.com/uploads/feedback/submit.php?project=NetSpotWin&utm_nooverride=1NetSpot.exe, 00000004.00000002.4174046261.00000257C5338000.00000004.00000800.00020000.00000000.sdmp, NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpfalse
                                                                                                                  		unknown
                                                                                                                  https://updates.netspotapp.comNetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpfalse
                                                                                                                    		unknown
                                                                                                                    https://www.netspotapp.com/win-upgrade-to-netspot3.html?utm_source=app_win_activator_upgrade2to3&utmNetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpfalse
                                                                                                                      		unknown
                                                                                                                      http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0yNetSpot.exe, 00000000.00000003.1721639152.000000000288D000.00000004.00001000.00020000.00000000.sdmp, NetSpot.exe, 00000000.00000003.1722004161.000000007FE39000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1893665830.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, is-IIR56.tmp.1.dr, is-U2GGI.tmp.1.dr, is-S8PNU.tmp.1.dr, is-9LFKI.tmp.1.dr, is-42MF6.tmp.1.dr, is-5G8NL.tmp.1.drfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      		unknown
                                                                                                                      https://aka.ms/vs/17/release/vc_redist.x86.exeNetSpot.exe, 00000000.00000003.1913304682.0000000002379000.00000004.00001000.00020000.00000000.sdmp, NetSpot.exe, 00000000.00000003.1720520051.0000000002640000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1908033263.0000000000BE0000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1904111836.000000000376E000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1904111836.00000000036F6000.00000004.00001000.00020000.00000000.sdmp, NetSpot.tmp, 00000001.00000003.1725051883.00000000034F0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                        		unknown
                                                                                                                        https://www.netspotapp.com/help/troubleshooting-signal-level/NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpfalse
                                                                                                                          		unknown
                                                                                                                          https://www.newtonsoft.com/jsonschemaNetSpot.exe, 00000004.00000002.4253313240.00000257DE4E2000.00000002.00000001.01000000.00000024.sdmpfalse
                                                                                                                            		unknown
                                                                                                                            https://www.netspotapp.com/help/phy-mode-coverage/NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpfalse
                                                                                                                              		unknown
                                                                                                                              https://cdn.netspotapp.com/download/NetSpotForWindows/3/UpdateManifest.xmlNetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpfalse
                                                                                                                                		unknown
                                                                                                                                https://speedtest.netspotapp.comNetSpot.exe, 00000004.00000002.4256324129.00000257DF4F2000.00000002.00000001.01000000.00000025.sdmp, NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmp, NetSpot.exe, 00000004.00000002.4174046261.00000257C41E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		unknown
                                                                                                                                  https://www.nuget.org/packages/Newtonsoft.Json.BsonNetSpot.exe, 00000004.00000002.4253313240.00000257DE4E2000.00000002.00000001.01000000.00000024.sdmpfalse
                                                                                                                                    		unknown
                                                                                                                                    http://software.es.net/iperf/is-S8PNU.tmp.1.drfalse
                                                                                                                                      		unknown
                                                                                                                                      https://www.netspotapp.com/help/troubleshooting-download-rate/NetSpot.exe, 00000004.00000002.4215160966.00000257DC932000.00000002.00000001.01000000.00000020.sdmpfalse
                                                                                                                                        		unknown

                                                                                                                                        World Map of Contacted IPs

                                                                                                                                        • No. of IPs < 25%
                                                                                                                                        • 25% < No. of IPs < 50%
                                                                                                                                        • 50% < No. of IPs < 75%
                                                                                                                                        • 75% < No. of IPs

                                                                                                                                        Public IPs

                                                                                                                                        IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                        66.135.20.63
                                                                                                                                        		www.netspotapp.comUnited States
                                                                                                                                        		18566MEGAPATH5-USfalse

                                                                                                                                        General Information

                                                                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                                                                        Analysis ID:1522643
                                                                                                                                        Start date and time:2024-09-30 14:16:48 +02:00
                                                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                                                        Overall analysis duration:0h 10m 4s
                                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                                        Report type:full
                                                                                                                                        Cookbook file name:default.jbs
                                                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                        Number of analysed new started processes analysed:10
                                                                                                                                        Number of new started drivers analysed:0
                                                                                                                                        Number of existing processes analysed:0
                                                                                                                                        Number of existing drivers analysed:0
                                                                                                                                        Number of injected processes analysed:0
                                                                                                                                        Technologies:
                                                                                                                                        • EGA enabled
                                                                                                                                        • AMSI enabled
                                                                                                                                        Analysis Mode:default
                                                                                                                                        Analysis stop reason:Timeout
                                                                                                                                        Sample name:NetSpot.exe
                                                                                                                                        Detection:CLEAN
                                                                                                                                        Classification:clean4.winEXE@5/160@2/1
                                                                                                                                        Cookbook Comments:
                                                                                                                                        • Found application associated with file extension: .exe
                                                                                                                                        • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                                                                                                        Warnings

                                                                                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                        • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                                                                                        Simulations

                                                                                                                                        Behavior and APIs

                                                                                                                                        TimeTypeDescription
                                                                                                                                        08:18:08API Interceptor11399698x Sleep call for process: NetSpot.exe modified

                                                                                                                                        Joe Sandbox View / Context

                                                                                                                                        IPs

                                                                                                                                        No context

                                                                                                                                        Domains

                                                                                                                                        No context

                                                                                                                                        ASNs

                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                        MEGAPATH5-USSecuriteInfo.com.Linux.Siggen.9999.30976.5557.elfGet hashmaliciousMiraiBrowse
                                                                                                                                        • 72.244.178.196
                                                                                                                                        SecuriteInfo.com.Linux.Siggen.9999.1529.24643.elfGet hashmaliciousUnknownBrowse
                                                                                                                                        • 68.167.74.94
                                                                                                                                        SecuriteInfo.com.Linux.Siggen.9999.15962.9862.elfGet hashmaliciousMiraiBrowse
                                                                                                                                        • 72.245.42.63
                                                                                                                                        sh4.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                        • 66.166.118.142
                                                                                                                                        firmware.armv5l.elfGet hashmaliciousUnknownBrowse
                                                                                                                                        • 74.1.232.61
                                                                                                                                        firmware.i586.elfGet hashmaliciousUnknownBrowse
                                                                                                                                        • 74.1.244.63
                                                                                                                                        firmware.mipsel.elfGet hashmaliciousUnknownBrowse
                                                                                                                                        • 67.100.39.41
                                                                                                                                        SecuriteInfo.com.Linux.Siggen.9999.2027.4559.elfGet hashmaliciousMiraiBrowse
                                                                                                                                        • 65.85.83.219
                                                                                                                                        154.216.18.223-arm-2024-08-17T03_43_59.elfGet hashmaliciousMiraiBrowse
                                                                                                                                        • 72.244.241.79
                                                                                                                                        botx.arm.elfGet hashmaliciousMiraiBrowse
                                                                                                                                        • 67.101.120.127

                                                                                                                                        JA3 Fingerprints

                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                        3b5074b1b5d032e5620f69f9f700ff0e7LC2izrr9u.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                        • 66.135.20.63
                                                                                                                                        https://metrics.send.hotmart.com/v2/events/click/64ec6af4-7b81-4abf-9e97-fe7d70d45255?d=1nFwG70sgZqlXEGet hashmaliciousUnknownBrowse
                                                                                                                                        • 66.135.20.63
                                                                                                                                        Shipping documents 000029393994400000000000.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                        • 66.135.20.63
                                                                                                                                        file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                        • 66.135.20.63
                                                                                                                                        1727684587d91a3fc4a77823bfb5c4c41b9d6c0bff84ae126bd19290c7e03bed994fdb4477364.dat-decoded.exeGet hashmaliciousCryptOne, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                        • 66.135.20.63
                                                                                                                                        Bnnebgers.vbsGet hashmaliciousGuLoader, LokibotBrowse
                                                                                                                                        • 66.135.20.63
                                                                                                                                        QT2Q1292300924.vbsGet hashmaliciousFormBookBrowse
                                                                                                                                        • 66.135.20.63
                                                                                                                                        NTS_eTaxInvoice.html.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                        • 66.135.20.63
                                                                                                                                        RFQ-5120240930 VENETA PESCA SRL.vbsGet hashmaliciousVIP KeyloggerBrowse
                                                                                                                                        • 66.135.20.63
                                                                                                                                        Faktura_82666410_1361590461#U00b7pdf.vbeGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                        • 66.135.20.63
                                                                                                                                        a0e9f5d64349fb13191bc781f81f42e1file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                                        • 66.135.20.63
                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                        • 66.135.20.63
                                                                                                                                        file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                                        • 66.135.20.63
                                                                                                                                        file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                                        • 66.135.20.63
                                                                                                                                        PO554830092024.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                        • 66.135.20.63
                                                                                                                                        PI#0034250924.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                        • 66.135.20.63
                                                                                                                                        file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                                        • 66.135.20.63
                                                                                                                                        file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                                        • 66.135.20.63
                                                                                                                                        Transmission Cost Database 2.0.xlsbGet hashmaliciousUnknownBrowse
                                                                                                                                        • 66.135.20.63
                                                                                                                                        https://downcheck.nyc3.cdn.digitaloceanspaces.com/peltgon.zipGet hashmaliciousLummaCBrowse
                                                                                                                                        • 66.135.20.63

                                                                                                                                        Dropped Files

                                                                                                                                        No context

                                                                                                                                        Created / dropped Files

                                                                                                                                        C:\Program Files\NetSpot\BouncyCastle.Crypto.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):2583744
                                                                                                                                        Entropy (8bit):5.834009979239824
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:49152:lCTzhVM0AU5d3UOhq8hmReOUJfd5T3D+VTQlgQeCKbu9kQLO0O:AwU5d3vhzhmoOmfd5rqX0O
                                                                                                                                        MD5:AA7A5592ABB357AE8DD4A1C784741F9C
                                                                                                                                        SHA1:EE3E37CF2F62ED6D4984D0592031008006CBCD8D
                                                                                                                                        SHA-256:3F28E4097F334FEED5A95DCF98FD7AF8AACA60AE3722F99CD1D6D0959EAA2495
                                                                                                                                        SHA-512:85F8117254CECFA898015F8E8538845C7F6B65C3C177C92AE0A09F6C3D6504CB0430DA26FD2EA43D47D154F9C2AF718068F17E8BF5E06983F24C7DE765140D37
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Reputation:low
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....O^...........!......'.. .......,'.. ...@'...@.. ........................'.......'.....................................P,'.K....@'.`............@'..,...`'...................................................... ............... ..H............text.....'.. ....'................. ..`.rsrc...`....@'...... '.............@..@.reloc.......`'......0'.............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Program Files\NetSpot\ITextSharp.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):2620608
                                                                                                                                        Entropy (8bit):6.20603256416396
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:24576:ifLbHo+3NJ6ruQ3iPGZJ2lkkz5P+8ja1bQS4UbFLr3oApxrEeeiW+kn9jEH3M5v/:2N9U5kzI1bpbh3oApxrEeeb9jEH3q/
                                                                                                                                        MD5:8F16C49C67584F8AE78C07C778529DAC
                                                                                                                                        SHA1:2036B7CF319FA50FA6FC2C4D98774BE18053DDF0
                                                                                                                                        SHA-256:27F65B9F060ED740C8091E76E3288CD303D1CD6E67455C69B06EF1F15E438F4A
                                                                                                                                        SHA-512:01E6CDBB380295D61065D76BE8C74DCE15190929653BB2901AF34412448F82B1E8C5B5E7F91713FB35D3A0FC83E905AAA496EC9755089C3A1DBD49128096404E
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Reputation:low
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....'a.........." ..0...'.. ........&.. ....'...... ........................(.......(...@.................................<.&.O.....'.0.............'..,....'...................................................... ............... ..H............text...,.'.. ....'................. ..`.rsrc...0.....'.......'.............@..@.reloc........'.......'.............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Program Files\NetSpot\LegacySurveyProject.ico (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):146226
                                                                                                                                        Entropy (8bit):6.22069992309144
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:VK5Ye8OYEPBX/IG/AJbX4nzTnAJsrA/YH3H3jX4oXwUXM8Uv7kr4Y/rQjc0YLY4n:VkYe8Ovp/n/AizUm+I
                                                                                                                                        MD5:9E81A1D0926ECFFEE36D12BA30A8D225
                                                                                                                                        SHA1:A85192ED2A1E91EEA17C7F63EDD617930BC6AE06
                                                                                                                                        SHA-256:5D945B9A25049E3B82A88203E69092BBEE84877C63C65D01F664648809843CC3
                                                                                                                                        SHA-512:1F35492D28C0D05E2D9A245B656A00C68AE51D846EE2EDFFCED98F1512D66FE5FAA52F2F905F22D7FC0D0CDBA08B9A3E8621B7B22D7429A9E24BB9F40449FDDC
                                                                                                                                        Malicious:false
                                                                                                                                        Reputation:low
                                                                                                                                        Preview:............ ....f......... .(...*...@@.... .(B..R...00.... ..%..z... .... ....."&........ .h....6...PNG........IHDR.............\r.f....IDATx...w.%.u.....o.<...qf6/.. ...|.H.z.$.,.g%+.V.$Z.'K..,..-Y..$.O.....m..O..H.. @..",6....0y..>.?......;..0."P....vWW<..9.s.Z.K...oSJ._)u/.!"R.R..o......"...e!......y^.g.t..H>#..eQ....6...X....m.+........c...2E........./s.7_r^.|R).{.....W..^O....E.z:y....._09g0...n...@..x..Y^........$..)K.)...$..}..l.x....'....E.^.+.C..o......t.....>../..^O..6\..8q...A..P.V)."......lru.......n..)W...l_'!.....T..)4LQ.......O{.+}A.Ja..R.i..4..-..T..B..6u...B..O...[Ka.~...V..Z.:.OD.H.R.....]5.s(y....3.|.V.}..2.u.......x.....d....~...?.d9..R.b......H.$W}G..j5.ij....._O.b.p.@DoSJ!."..".!..I|rU.D....'..d...C(.sB@...*q.....Ule..P0CL~REU[..J..,/1M.3......=p...1.;...)...s.*...G...1g.x...4Dd..~......W1m......2.a.@.j:....cr..E...}`._....7._....o.S0.i.8s........,...y.}g...y|.x.F.qu....&.4%9>..s..<.... M..5.W1uK...G.............`.._..GC

                                                                                                                                        C:\Program Files\NetSpot\Microsoft.Web.WebView2.Core.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):503488
                                                                                                                                        Entropy (8bit):5.443413703792705
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12288:ZCtxgrB3ye+iKzORFNgeA+imQ9pRFZNIEJdIElxPrEIgcvLcglxMwCepM1STUP3u:hecQ
                                                                                                                                        MD5:771F93F95A675BE5E18764EBD03FAAD3
                                                                                                                                        SHA1:EFC18C566FA2ECFCE34842065AFF94E9A2AF65C6
                                                                                                                                        SHA-256:9E4CD6FC41D39B8D8AC3BC9E6C3831F5CE889B02D67D15B6B131C49F9B4931BC
                                                                                                                                        SHA-512:0D8A936A0CA75A4C20C205192DDF303E4C2282644578A18753554E6B71BA9CD04285138CAC0829060D9983D2C727D14D8532E327379CB2148A03B6186E12100D
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Reputation:low
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....@e.........." ..0..z.............. ........... ....................................`.....................................O........................,..........T................................................ ............... ..H............text....y... ...z.................. ..`.rsrc................|..............@..@.reloc..............................@..B........................H.......................................................................0..G.........()...}<......}>......}?......}=......};.....|<.....(...+..|<...(+...*..0..I..........(!....o.....8..o,... .@..3.r...p.s-...z.z..o,... ....3.r}..p.s-...z.z*........................,.......0../........{....- ..{....t....}.......r...p.s....z.{....*................."..}....*....0../........{....- ..{....t....}.......ry..p.s....z.{....*................."..}....*....0../........{....- ..{....t....

                                                                                                                                        C:\Program Files\NetSpot\Microsoft.Web.WebView2.WinForms.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):39616
                                                                                                                                        Entropy (8bit):6.416250430782703
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:768:XNGbP6+wTXtcZDgcEST3p4Jjrjh2jJFSUyauYv1JKia5/Zi/WGQKVu6bxunOX+kQ:9Gm+gtcZDgcEST3p4JjrjaJFSUyau01o
                                                                                                                                        MD5:D399583F6B460F81F4AC093092F1E689
                                                                                                                                        SHA1:1C88A6FAB0C6C11F02D4885994002061D2286346
                                                                                                                                        SHA-256:D7C38AEA080A3B75C1E995AFEE9FCF3281B5A386DF5526F712A5691A959DB0E4
                                                                                                                                        SHA-512:EA805FE011C797C8248289A2F22651A1304E414825A4BD14FCB7406A8DBE5C3C3E6E94DD2DBCE3A0AEB2ACCDEA19C2EBF80800A9EB0DCF0140808CB2E1617379
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...U............." ..0..d..........z.... ........... ..............................kO....`.................................(...O....................n...,..........D...8............................................ ............... ..H............text....b... ...d.................. ..`.rsrc................f..............@..@.reloc...............l..............@..B................\.......H........7...E...........}..@............................................(....*..{....*>..}......}....*..{....*>..}......}....*..{....*>..}......}....*..{....*"..}....*..{....*>..}......}....*..{....*"..}....*...0..d........{....-K.(....-..(....-..(....-..(....,+..(.....(.....(.....(.......s....(....}.....{....%-.&.(...+*.0..C..........(....-..(.......(....,'.o.......(....o......(.......(....o ....*..0..B........#.......?}......}.....(!...}.....("....(b......(#.... . ...(#..

                                                                                                                                        C:\Program Files\NetSpot\Microsoft.Web.WebView2.Wpf.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):46272
                                                                                                                                        Entropy (8bit):6.3915296931618455
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:768:Qn/WlAKj4s0TV09797+nXDheteXBxc78OSWbZ8lcDP/ryEH0UBy4JjrD1h2j5h3O:Q+msYXR3QZ8lcDP/ryEH0UBy4JjrD1a+
                                                                                                                                        MD5:69F06655D5D78AEAD71408B2E2702550
                                                                                                                                        SHA1:FA57F4FF13CED854EE78C358C7A000C35D9FD1F6
                                                                                                                                        SHA-256:610FC814767F08378861B15FC6685FF6D34261931BA0324D309EA902B48BDF44
                                                                                                                                        SHA-512:9FD911EC95A44F4830887E9EFDA7AA808DF7349918FE45C20F3246DC40462CE5CE419196DC4A2F5C67E5970BFDD34F55BA36D8BBC53606A15924596C13DB0290
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...I............." ..0.............R.... ........... ..............................).....`.....................................O........................,..........(...8............................................ ............... ..H............text...X.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................1.......H.......4B..4X..........h...@.............................................(....*F.~....(....tV...*6.~.....(....*F.~....(....tV...*6.~.....(....*F.~....(....tV...*6.~.....(....*F.~....(....tV...*6.~.....(....*F.~....(.........*J.~..........(....*F.~....(....tV...*6.~.....(....*F.~....(.........*J.~..........(....*F.~....(....tV...*6.~.....(....*6.t.....}....*.0..r........{....-Y.(....-..(....-..(....-..(....,9.(.....(.......s.......(......&....(.....(.....(....}.....{....%-.&.

                                                                                                                                        C:\Program Files\NetSpot\Microsoft.WindowsAPICodePack.Shell.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):554176
                                                                                                                                        Entropy (8bit):5.901841445437236
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:6144:StIgLGv5WBfXkYlsL/Nz++R1yji08n3uzxRQKEPmBm9C5vEx3tcQ8Vub8xPtwZEY:Cz81Dn3GQ/9C58x3tWXH9gvj9
                                                                                                                                        MD5:5AF9EF2D3E04E86E8F05F6C368492F50
                                                                                                                                        SHA1:0531597E55FA05A662B6F4F368596AC7D0E51287
                                                                                                                                        SHA-256:A5107F0AA4908CD1237BD818BCC797543C0EA4BEED0429CD160A9920CE13B201
                                                                                                                                        SHA-512:BBC3453C41E094E840FEC6F33B9A523B2983EAA1725268E25654960C07157F95C6D74C90EDB31895661DB598DD5B41E81ABEBE980257042C0885B5788482DDE4
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...'.WL...........!.....>...........[... ...`....@.. ..............................6.....@..................................[..O....`...............H...,...........Z............................................... ............... ..H............text....<... ...>.................. ..`.rsrc........`.......@..............@..@.reloc...............F..............@..B.................[......H......../...+..........x....N..P ........................................"8...7o...H...ek..E.y.....AtG9..\..9X.1..<0y....c.G.=...?..5."..G.j8...0;."=..Z...w?....=.U.S[.....2.X.gP..@...#Q...2.r.($.....(......(......(....*..($.....(.....~%...(......(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*....0..Z........(+.....(......(....(,......|....(y....r...p............{.....i......(-....(...+...r...ps..... .....{p...~%...(/...,\.{.... ...._-N..{p.......(n...(0...

                                                                                                                                        C:\Program Files\NetSpot\Microsoft.WindowsAPICodePack.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):117440
                                                                                                                                        Entropy (8bit):6.144301944790689
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:mfBa6TWUNuRhicznzcSZRazyDG43vjyMcnFlizn+e:7UNuZjAI+mvuMX+e
                                                                                                                                        MD5:406AE2EC01F5C8D9A497A93CE899B6D1
                                                                                                                                        SHA1:AC788C740A3D50323B9C370A8781E7A9418C25C3
                                                                                                                                        SHA-256:A62F9A9AA01EC1F7FE207EA53A5F065C2925910C54FA084485763C1E46A84711
                                                                                                                                        SHA-512:6D136EB03D6911F2432D61558B771A56AD32B3B88BFBF08F8408436A8D0A086C8017DA22D73A830A66070559142FF8538A02316A006E7E709489EA2440F02C66
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...%.WL...........!................n.... ........@.. ....................................@.....................................S.......h................,..........`................................................ ............... ..H............text...t.... ...................... ..`.rsrc...h...........................@..@.reloc..............................@..B................P.......H........................r...!..P ......................................N......@...&. K...Z......_.......7....L4.5.m..a......eJ.iM..t8...A..yST#^Es..x.z{Z......j.\......o...?+"0t.!|.......]-.3.:.(......}....*..0...........{......E........t...Z...+r..}......{....{....o....}......}....+9..{....o....t(...}......{....s....}......}.......%..}.....{....o....-..(.........(......*....................{....*.s....z..0.."........{.......YE............*...(.....*..................

                                                                                                                                        C:\Program Files\NetSpot\MuPDFCore.NativeAssets.Win-arm64.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):17088
                                                                                                                                        Entropy (8bit):6.905840040200711
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:384:DJXGcKksPu2pwKNs+MO6AM+o/8E9VF0NyhpJ:DM++SAMxkEX
                                                                                                                                        MD5:9A6D05620FDCCF0FAA0035A92D449124
                                                                                                                                        SHA1:D6A9F5B1856DE5415A5C95A6B5FCCB6D65E18C82
                                                                                                                                        SHA-256:1872D58BC3694A46E64755F63A706AA79AA05F7C3859C091AAB2C9D07D5704EC
                                                                                                                                        SHA-512:8D4C4FE5FEDB7B45B5980FAC62D919F89A54085FDAD15B2FD10CDDA4EC840926AED3D207FE08F79135F10CA039AB441709E7D213B78631777A5FBF71FAD4C62F
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............V*... ...@....... ..............................b6....`..................................*..O....@...................,...`.......(..T............................................ ............... ..H............text...\.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................5*......H.......P ......................h(......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob............\.........3........................................................k.n.....n.....[.................9.../.9...N.9.....9.....9.....9.....9...X.9...*...........r.............C.............K.".E.....V.!.....U.....U.....U...).U...1.U...9.U...A.U...I.U...Q.U...Y.U...a.U...i.U...y.U.....U.........

                                                                                                                                        C:\Program Files\NetSpot\MuPDFCore.NativeAssets.Win-x64.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):17088
                                                                                                                                        Entropy (8bit):6.899501492071725
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:384:weuVMHq2/rQpwKNs+oJAM+o/8E9VF0NyNy6/:wQ/R+eAMxkE+s
                                                                                                                                        MD5:C0127A419AE6EB2EAF245CE3B9E5EAA2
                                                                                                                                        SHA1:3BFACFD3A6B135043E7682473F2A9BB2C015873D
                                                                                                                                        SHA-256:A2F66C3723A053002765B744AA91C2726A9FDE00E4AD4A2FA08428601ABF9CC6
                                                                                                                                        SHA-512:403D90E32CDC82B654BB3E1636500387418CA2386FAD26845E69DF78F38D90186C4557F450A50EDFCAA3041605DA426862168D69EE6BAEB5020A8A736BEC17A2
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....j..........." ..0.............F*... ...@....... ...............................o....`..................................)..O....@...................,...`.......(..T............................................ ............... ..H............text...L.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................%*......H.......P ......................\(......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob............\.........3........................................................g.h.....h.....U.................3...+.3...J.3.....3.....3.....3.....3...T.3...$...........n.............?.............E. .E.....V...~...O.....O.....O...).O...1.O...9.O...A.O...I.O...Q.O...Y.O...a.O...i.O...y.O.....O.........

                                                                                                                                        C:\Program Files\NetSpot\MuPDFCore.NativeAssets.Win-x86.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):17088
                                                                                                                                        Entropy (8bit):6.90004738042243
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:384:0euN8y3+mrnOpwKNs+nBGAM+o/8E9VF0NyFPu:0dDrr+BGAMxkEW
                                                                                                                                        MD5:F7287AC5C77ED7682110DC60DEFF5364
                                                                                                                                        SHA1:1D909ECAD37F36F8468F273F5BEFCFE21DBD302D
                                                                                                                                        SHA-256:319308FD8D5E0464CE199DE497DDDD1E9666B064319F7FCE631C4A13150DA787
                                                                                                                                        SHA-512:FDB64DE310E7066FDEEA7C47D9B6CB661B7F42722A755D597C6EB5E11622B1B361EFF4C0E52C937E417E01C2CD7AEEA8785E739BD2F8D0931CCED9518764EA1C
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...!3............" ..0.............F*... ...@....... ....................................`..................................)..O....@...................,...`.......(..T............................................ ............... ..H............text...L.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................%*......H.......P ......................\(......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob............\.........3........................................................g.h.....h.....U.................3...+.3...J.3.....3.....3.....3.....3...T.3...$...........n.............?.............E. .E.....V...~...O.....O.....O...).O...1.O...9.O...A.O...I.O...Q.O...Y.O...a.O...i.O...y.O.....O.........

                                                                                                                                        C:\Program Files\NetSpot\MuPDFCore.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):95936
                                                                                                                                        Entropy (8bit):6.183235631950533
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:1536:Bik/wSVM+OfIUdM6JOqBX9y0Bw4hgMKWHRD07XfgeEaR+JxN:Bikw5fLM61X9y4LgMKWNIR+1
                                                                                                                                        MD5:3963D31541913BC800F0B213B32671FC
                                                                                                                                        SHA1:76DDF0A0CBE75C475D000FD86A25900A720CBA88
                                                                                                                                        SHA-256:48A86A9037B19ECC05BC4F1270C9EB5C4B2209D549E0E44B6D132B7262F00022
                                                                                                                                        SHA-512:37367CB322315083F8D41A2A4F9993DA168FE2A4AE8BBCD5BA917914ED5690D0FA41B734EB42003FE14258FF1566A68D454632A8EFB5E0F014E003AF372A309A
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..@...........^... ...`....... ....................................`..................................^..O....`..L............J...,...........]..T............................................ ............... ..H............text....?... ...@.................. ..`.rsrc...L....`.......B..............@..@.reloc...............H..............@..B.................^......H...............................,]........................................{H...*"..}H...*:.(#.....(....*Z..j}J....(#.....}I...*...j}J....(#.....}I.....}J....{J....j1..($...*..{K...-'.{I...(%....{J....j1..{J...(&.....}K...*...0............o.......(.....*...................:..o.....('...*>..((.....}L...*"..((...*..{N...*.0..:........(#...()....o*......i.X(+.........i(,......i.(-.....}N...*n.{M...-..(....(%.....}M...*...0............o.......(.....*...................:..o.....('.

                                                                                                                                        C:\Program Files\NetSpot\NetSpot.Base.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):42169536
                                                                                                                                        Entropy (8bit):7.62138260170293
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:786432:taYTMms1/OlLXCDPpnZQkrwCd2i/CxDdZJiGVLlaCP46f/ZQIykPbruYlvl8F//B:t76/OlwpnZ/ECA6CxDdZAG9l7rf/ZQUG
                                                                                                                                        MD5:2D7A7DCCCE26F5A6158605C22764D02C
                                                                                                                                        SHA1:F220CFC9FBA06B0A51C5A25A896046BB1F750B2B
                                                                                                                                        SHA-256:BEECDCCC5794D5898448830910D7C7D45B7F8B8B3C99332757E7ECE122F76788
                                                                                                                                        SHA-512:52B8AE37BD88E6DE9262764BF3FA525710DF9B6227E33AFAD2D458A7E9286E79ADF229AE87C17E68A4390518570F93AD0DBCFC71CF339CD1DD32EE188F7BFF2A
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....<..........." ..0..@..........^[... ...`....... ..............................j....`..................................[..O....`...............H...,..........\Z..8............................................ ............... ..H............text....>... ...@.................. ..`.rsrc........`.......B..............@..@.reloc...............F..............@..B................=[......H........8..4................Iy..Y......................................>. 4......(,...*2......o-...*:........o....*.0..,........o/...r...p $...........%...%....o0...t....*&...o1...*..(2...*.~....*....0..)........{.........(3...t......|......(...+...3.*....0..)........{.........(5...t......|......(...+...3.*2.r!..p(...+*6..r!..p(...+*2.r?..p(...+*6..r?..p(...+*2.r[..p(...+*6..r[..p(...+*2.r{..p(...+*6..r{..p(...+*2.r...p(...+*6..r...p(...+*2.r...p(...+*6..r...p(...+*2.r...p(.

                                                                                                                                        C:\Program Files\NetSpot\NetSpot.Base.dll.config (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):36743
                                                                                                                                        Entropy (8bit):4.26494414720123
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:zr757ABnPt6ECtQz7QFDj1aJSIJ8hJ5aAabsaNaIa1alhI4Hy6We2Sada1FH+oR:zX57ABPt6ECtQz7QF/hDROD2jeNCIRP
                                                                                                                                        MD5:0587F9E70036BABD971A31B33A3A1075
                                                                                                                                        SHA1:8696C4029A3A60E6F20BAE094D0DFAF165E6825F
                                                                                                                                        SHA-256:D6015D37F696A237D42C6E33B59273E1EDB129C92F390EDEDE825834651D4F6F
                                                                                                                                        SHA-512:1CAF000F3C8CC53AC743EC0EC98F54517E4ED462A63E4663C2DB7D21A8DDD68F800B17E7AC09F9967DE229DA306BE287EC59A6E9C6AB55CB51DF5F3FA870BC5D
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="NetSpot.Properties.BaseSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <userSettings>.. <NetSpot.Properties.BaseSettings>.. <setting name="MainWindowLeft" serializeAs="String">.. <value>50</value>.. </setting>.. <setting name="MainWindowTop" serializeAs="String">.. <value>50</value>.. </setting>.. <setting name="MainWindowWidth" serializeAs="String">.. <value>1280</value>.. </setting>..

                                                                                                                                        C:\Program Files\NetSpot\NetSpot.Core.Base.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):213184
                                                                                                                                        Entropy (8bit):6.029136266504707
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:5WKxjB7ckkZfM9xFR42GhjKEu9gU+O8FM51t5Lsff9XAcLmGXZiSS8GF1fK3LjEu:9RQZMJNIWXgUn1LLsxAnYZaaPW+r
                                                                                                                                        MD5:20AE959144C1617CA06522162BD5B2DE
                                                                                                                                        SHA1:654427C860D59C787FC4A51EE2E2964635B264C9
                                                                                                                                        SHA-256:1F42A24C33D0CDF2347F0105D35278FE9D713C6E7AC5BFB3AC97C77571D58D62
                                                                                                                                        SHA-512:5118ED89C8B3D8165FD32B0DD5B6BFC58B678FA978824B5CCFD79676818A7A7184C01816731292F48B02B2B6E8E9C8238081A2F7F4D47CD96DF0BFAD73567450
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............6+... ...@....... ....................................`..................................*..O....@...................,...`......,*..8............................................ ............... ..H............text...<.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H..............................)......................................:.(......}....*..0..A..............9.....9....8.....o.....Y.s..........%.X...%.X.o.......o..../...o....(........(........s.......o.....Y.s..........%.X...%.X.o.......o..../...o....(........(........s.........o....(....,%...o....(....,.....(....,.....(....-......{....(....+.....(......-...o..../...o....?.....-$.o.....o....Y.+.....(........(....Y..*v.-.~......o....*~......o....*^.s..........s.........*..0..

                                                                                                                                        C:\Program Files\NetSpot\NetSpot.Core.Discover.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):50880
                                                                                                                                        Entropy (8bit):6.269476648862555
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:768:Xbg+pHH9VDgBN0cyzFnQWMJpMsR3Rf8sNJG+DgAMxkEj:so40x5yJmsRKsNJG+Duxn
                                                                                                                                        MD5:5D4A784B1151F073301874AEBFB3D5DD
                                                                                                                                        SHA1:1A448375FBA97616562954ACE158A6C1B7ACF57B
                                                                                                                                        SHA-256:8BD4E11D3141377CA835518C45440380285890195FE2C85D1D73FF4159A204E6
                                                                                                                                        SHA-512:2A626D769381D5C34E5892093CBCF23DF5EFA5677458F5090576304039D773D95BB3125F651CD08658081751E2226E8F6E7980CAD9067C71117D42405444A3B7
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....]............" ..0.................. ........... ....................................`.....................................O........................,..............8............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H.......@V..4X..................t.........................................{....*..{....*..{....*..{....*..{....*..{....*..{....*..{....*..{....*..{....*..{....*..{....*..{ ...*..{!...*..{$...*..{%...*..{&...*r.{&........}&....r...p(....*..{'...*r.{'........}'....r...p(....*..{(...*..{(....(....,...}(....r-..p(....*..{)...*..{)....(....,...})....r9..p(....*...0...........(......}......}......}......}.....~....}......}......}......(....}.....#........}.....#........}......(....

                                                                                                                                        C:\Program Files\NetSpot\NetSpot.Core.Predictive.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):69312
                                                                                                                                        Entropy (8bit):6.169463353945635
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:1536:0WP+VRlI9MxGNxyxYKZdIU0y3DM29kx+NLjpxX:0PV3xGNxGxZdIU0yTp9kx+p/
                                                                                                                                        MD5:CDA636E8320D3E9F3B661049F1E66237
                                                                                                                                        SHA1:9E842CD6AB967EBAA317C60F0E3FCC21A2EA0614
                                                                                                                                        SHA-256:86E5D9ECEE4105E3408FD8C2AE7FB78AB8C87A68E5CCDD1F19BCF2CD5A783E7E
                                                                                                                                        SHA-512:570B9ADFBFDB7A58482EC5EA2277024F6D3902DF4308433D853B43EB3FD4AF0ED0DCBB5250EDE87E18B81C421E3A86EDFEBB4A2D1C91BC2CC3BE8EC80BA79366
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....j..........." ..0.................. ........... .......................@......vt....`.....................................O........................,... ..........8............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......|....q..................4.........................................{....*..{....*.... (....-..r...ps....z.{.....(....,...}.....r...p(....*..{....*....0..[........(.....-.r...p..s....z.,.... (....-.r...p..s....z..}......}......%-.&r#..p}.....s....}....*..0...........(.....-.r...p..s....z.-.rS..p..s....z..}......}......{....}.....s....}.....{....o.....+..o......{.....o.....o....-....,..o.....*.........W..v......z.{....-...}......}......}....*..{....*..{....*..0..........

                                                                                                                                        C:\Program Files\NetSpot\NetSpot.Core.Survey.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):88768
                                                                                                                                        Entropy (8bit):6.120782262211716
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:1536:xm+Jb5CBYDynHOEBImUCy0RlvghPTZddZT5NXOeiPN+3fxGKm:g+JlDyuSNlRlvglTZdd55xOe0N+3Iv
                                                                                                                                        MD5:AA0265DDCCDB445AE6205238472F801F
                                                                                                                                        SHA1:04CBE89552C8C325465010D11F92924515EB554E
                                                                                                                                        SHA-256:E19F114A26A7AEBA795BA3FF2BCC83744A6716CAE70979D9CD88DFD2657FAF6E
                                                                                                                                        SHA-512:CCD45BAC3565FA98A45925BF12FAB4D61008AAEFC79B2912DDC19D1B1E54730C4E83FF4A588F8E24A38EBF29F72DE35E38C29246C5F25904AE2E56CA25E31A3F
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...~............." ..0..&..........*E... ...`....... ....................................`..................................D..O....`...................,.......... D..8............................................ ............... ..H............text...0%... ...&.................. ..`.rsrc........`.......(..............@..@.reloc...............,..............@..B.................E......H...............................C.......................................0..)........{.........(....t......|......(...+...3.*....0..)........{.........(....t......|......(...+...3.*..{....*..{....*r.{.........}.....r...p(....*..{....*..{....*..{....*r.{.........}.....rA..p(....*..{....*..{....*..{....*..{....*..{....*..{....*..{....*..{....*..0..o........{.........(......(.......+...(....-..+...(......(....(....,1..}.....rU..p(......{.......(....-..{....+..(....*..{....*..0..

                                                                                                                                        C:\Program Files\NetSpot\NetSpot.Discover.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):306880
                                                                                                                                        Entropy (8bit):7.104937912189691
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:6144:ARxrQnSjAVdNlbb0xRX7e9bGjjM6Z4ne8KkCUI1r+tn:ArAVdPwx2yv4neNrUxtn
                                                                                                                                        MD5:5544034252AE9539556A5280668DA27C
                                                                                                                                        SHA1:741E53AB68B10EC7E648A7952B117A7FBC490C8C
                                                                                                                                        SHA-256:40B566171AD85A6E057DACFB0C910178D2D4B6277C314768DCFE78C5679710E8
                                                                                                                                        SHA-512:B057D201FDF4B67C58A69EDBEBB7BF0774FA34DA326CD67E9DC9DB2E8A080B167CB4CD2C8F72CB7521EB1FED3D7E8F8CDAEF832394B05DA618C8E8E4B3B0571A
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...F.B..........." ..0..z............... ........... ..............................A:....`....................................O........................,..............8............................................ ............... ..H............text... x... ...z.................. ..`.rsrc................|..............@..@.reloc..............................@..B........................H.......8j..@...........x... ...........................................2~.....o...+*z.-.r...p..s....z..o...+......*6.(.....(....*...0..$........{....,.*..}....r...p.s.......(....*"..}....*6.(.....(....*..0..'........u......,..o....-...o......{.....o....*..0..$........{....,.*..}....r...p.s.......(....*...3$..t....}.....{...........s....o....*..}....*6.(.....(....*..0..'........u......,..o....-...o......{.....o....*..0..$........{....,.*..}....rC..p.s.......(....*...3$..t....

                                                                                                                                        C:\Program Files\NetSpot\NetSpot.Infrastructure.Engine.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):25792
                                                                                                                                        Entropy (8bit):6.632952477017057
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:384:CCoWkOcyufdHrURTrfSjXwemdgPpwKNs+NHPAM+o/8E9VF0NyMlW:CCGXJUtajKgE+ZAMxkET
                                                                                                                                        MD5:CED278CEE35E9A8D28369D9E0B47CCD1
                                                                                                                                        SHA1:66D2E501FE4D94CC833DA13288F11B86E79AD5B9
                                                                                                                                        SHA-256:241121D3AEF4781A595121A40B2FF40159587821C872C3E8601200C70A8D03A5
                                                                                                                                        SHA-512:84EE94D96B6A28518F4B5066AD72AFC7CC7A58D69514D0B916E89C5F8C6D56A6B026A1DBFBAED3C23B651A2EDABE9D7E7C69343FE5531FC68F1E9A67BFFF8C17
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...<............" ..0..............L... ...`....... ....................................`..................................L..O....`...............8...,...........K..8............................................ ............... ..H............text....-... ...................... ..`.rsrc........`.......0..............@..@.reloc...............6..............@..B.................L......H.......h,......................TK.......................................0..)........{.........(....t......|......(...+...3.*....0..)........{.........(....t......|......(...+...3.*....0..C........(......}....r...p(........{......o..........!...s"...(......}....*..................0..........r...p(....&...(.....*....................0..Y........-.r/..p..s....z."....5.rA..p..+....s....z.."....5.rK..p...+....s....z..k"....4.rm..p...,....s....z..(....,..*..{.....X}.......}....~...

                                                                                                                                        C:\Program Files\NetSpot\NetSpot.Infrastructure.IperfServices.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):21184
                                                                                                                                        Entropy (8bit):6.734286901929472
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:384:URztVqrrT4350+pwKNs+kYAM+o/8E9VF0NycY4PMr:URz707+DAMxkE6LPU
                                                                                                                                        MD5:406D01A814E845A3B5ABC94931A1CA14
                                                                                                                                        SHA1:C55C0507A16B0CA7BFD323C05CC8BF64C6AE9D72
                                                                                                                                        SHA-256:FDFD4A7CBF9811810BA1F8BBE745BCD674275C06528808AB4008C0F2717FE185
                                                                                                                                        SHA-512:E3F898E86F5496C8334933924AA68050E1827F81139E6FB695BFD9407529BA680D605C3ED7D4822262C44605AD1963C35165406875D8B615771E1BA6D8C8E1D0
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..............;... ...@....... ...............................r....`.................................w;..O....@..L............&...,...`.......:..8............................................ ............... ..H............text........ ...................... ..`.rsrc...L....@......................@..@.reloc.......`.......$..............@..B.................;......H.......l(...................... :......................................f.{....,..{....o.......*.*V.(......}......}....*n.{....,..{....o......}....*.0..f...........(......(.......r...p(......(....(...+r...p..o....,..o.....+.~.........{....%-.&+...o....r...p....*..........HH.......0...........-.rM..p..s....z.-.rW..p.......s....z.#.......?(....(....,.ra..p.......s....z..-.rs..p...s....z.....(......(.......r...p(....r...p..(....(......(...+r...p..o....,..u.....s....z........%.r.

                                                                                                                                        C:\Program Files\NetSpot\NetSpot.Infrastructure.JsonServices.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):287936
                                                                                                                                        Entropy (8bit):3.2856861072698464
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:384:VccViPfSPLgBejO1yvzUoFoutUmLqez7Pw3KXaSP98roNpFkKjFGZrQa1r/mmxl+:VRjgYBUoFoIw3URGNLS/Mln+rCAMxkEi
                                                                                                                                        MD5:EA838BBB8C7E59ABE1F8F484D40A063D
                                                                                                                                        SHA1:E024251B0DCFE376DAA4712CBBB7D41D025BC450
                                                                                                                                        SHA-256:A5BC3241D5778C887428405B7840DD05C3DCC8919F57B7DE30C2DAC3AD1ED253
                                                                                                                                        SHA-512:8E1B71A3D6322C9923FE4ECF50004DA97BB9D5F14CF9FBB404F7383800C0048A58A283FDC359B96C1559C9A53784FB18742BCAC41F4BDA413A58CD6DE6C4630A
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...w.7..........." ..0..............J... ...`....... ..............................kH....`..................................J..O....`..@............8...,...........I..8............................................ ............... ..H............text...p,... ...................... ..`.rsrc...@....`.......0..............@..@.reloc...............6..............@..B.................J......H.......@....%...........S..@...$I........................................{....*..{....*..{....*.0...........(......(....,.r...p..s....z..}......}.....s....}.....{........#...%."...(....o.....{........#...%.!...(....o.....{......:.#...%. ...(....o....*.0..,........-.r...p..s....z..(.....o....(...+&..&.....*.........%.......0..K........-.r...p..s....z.(.....o..... (....(...+r...po....o....(...+.s....}.....s....}....o.....8......(.....s.......o4...o......o<...o......o>...o.....

                                                                                                                                        C:\Program Files\NetSpot\NetSpot.Infrastructure.Polices.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):19136
                                                                                                                                        Entropy (8bit):6.766582192844977
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:384:Fab8qy+Cqy+gjqy+fqy+g3ipwKNs+EP93AM+o/8E9VF0Nyzhx:Fk8qyRqyVjqyAqyx3+q3AMxkEXx
                                                                                                                                        MD5:3806DD6191DDFA52BE38A2E24EE1553D
                                                                                                                                        SHA1:6A08F301112873E5039630EF618B3ECEBF04E1F6
                                                                                                                                        SHA-256:21B098C0D71D552BA0FC22E0E7E76383B0FA2C9248C296ACED744FF09914698D
                                                                                                                                        SHA-512:5D8D9CD398AA22DBD4CF772D96836D14CCA57C0013A4EE01A027F7D2AC3D765F5EA26DF539258BD1C703DA0CD83D0B055CE42629E9E5943DE5107D6E367C6538
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...1............" ..0..............3... ...@....... ..............................XX....`.................................M3..O....@..(................,...`......|2..8............................................ ............... ..H............text........ ...................... ..`.rsrc...(....@......................@..@.reloc.......`......................@..B.................3......H........$.......................1......................................B.{....%-.&~....*....0..b........(......}.....~....}....r...p(.......r...p.s....z...(......(....(........(....rS..p.s....z.(.....*...(.......$........2..G........2.(Z.......0............(.......(.....*...................:..(.....(....*..{....-!.,...}....(....r...p(....&..}....*...0..2........{....,.r...ps....z.(........r...p.s....z.(......*.......................).......0..9........{....,.r...ps....z...(.

                                                                                                                                        C:\Program Files\NetSpot\NetSpot.Infrastructure.PredictiveProjectFormat.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):95424
                                                                                                                                        Entropy (8bit):3.97476551758576
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:1536:02BN36Vyaray1QR9xXUOHo8QsJ7VWfRvS/9QUld+Vxh:02BN36VyarawQBUOtQc7VWfRq/9QUlde
                                                                                                                                        MD5:B739BA39557A7E65930F0273C8BE97F5
                                                                                                                                        SHA1:8E06026BDE4C3463D0720B9C2ABE3811604FE3D0
                                                                                                                                        SHA-256:F1F529DBC31344DEDE7CCAEFA1C6B67E18F345178513D2E0564BA48578531C96
                                                                                                                                        SHA-512:3D252E7EB1FAC0C04699169B87448FC0C4B80EE81188455158C41F585291E0710756212393C9AE417DE7839116EA115390BA5F9A5E90CDC7EC64FA40F7971550
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..>...........\... ...`....... ...................................`..................................[..O....`...............H...,...........Z..8............................................ ............... ..H............text... <... ...>.................. ..`.rsrc........`.......@..............@..@.reloc...............F..............@..B.................[......H........C..LF..........D.......LZ.......................................r...p*..(.....-.r...p..s....z..(....,.r%..p..s....z..}......}....*..j*J..j....j....j..*.*...0...........,..(....-.r5..p..s....z.{....rG..p(......rc..p(......r}..p(.......(....&..(....(......(.........(....%{.....{.......&..s....z(....(.....(.......s....*..(....B.3u........B.3x........B.<~.......0...........(...........(....*..0...............r...p(....9x....r...p.(....o ....8E.....(!.......r...p.j(".....

                                                                                                                                        C:\Program Files\NetSpot\NetSpot.Infrastructure.SurveyLegacyProjectFormat.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):41664
                                                                                                                                        Entropy (8bit):6.282048576545937
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:384:uLz79sVpbUksSfYXG56U+aeu3IcA/KhROU+uptGVvAoOcEnO6WPr/89LM3bRHP4/:2I4Bu3hxOwSEl9LIbVSOuBY+lAMxkEH
                                                                                                                                        MD5:4A01C17927D78B386AE3138D974EB4FB
                                                                                                                                        SHA1:FC24A8D528AD089E2FDAC344598DC71B76F89044
                                                                                                                                        SHA-256:FA533973B5394AFEB264AEF26A6A92615B5DBB3D3B8A9C0E61339DA7CBA5C374
                                                                                                                                        SHA-512:B8875026365C4701E3217D8112CCD3F27FD4081767D58A636A37DC09A888ACBFC2373AFE0431C34ABBADD480575199153DA9B6101C89257BA13D6E652DFA652E
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..l............... ........... ....................................`.................................S...O....................v...,..........d...8............................................ ............... ..H............text....j... ...l.................. ..`.rsrc................n..............@..@.reloc...............t..............@..B........................H........C.. E..........................................................r...p*..(....*..0...........,..(....-.r...p..s....z..(.........(......9.........s.......o.......o%.... (....o......o'... ....(....o.....o3...o......82.....(........s.........oc.... (.....o....~A...%-.&~@.....q...s....%.A...(...+... (....o.......oe... ....(....o......og...o......8z.....( .......s!........oA.... (.....o"...~B...%-.&~@.....r...s#...%.B...(...+... (....o$......oC... ....(....o%....o&...~'...

                                                                                                                                        C:\Program Files\NetSpot\NetSpot.Infrastructure.SurveyProjectFormat.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):128192
                                                                                                                                        Entropy (8bit):3.1586724751323394
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:768:IafH95R0eeD4wZzzkvxEE3GO6cX8omcKIbil3J7EgVW+z5pRucjaS+hUAMxkEzw:X5GTQ6cX8953J7xzwqaS+Mxw
                                                                                                                                        MD5:59FD4AD45530FB35FA5FADB129520B0F
                                                                                                                                        SHA1:4D2E32DB40FA19669A0A329CC8D0B90A598276FF
                                                                                                                                        SHA-256:1A572EF9990966974785653D753427FCE36CF2C55EDC240E26C3A97C4BB1B86D
                                                                                                                                        SHA-512:8C1E588D2CC0E3168CACBD3404D37AF76CE83916EC489FC0803F4FC17E69BB25A4963ECC69F5DDB046F447D8FC833139AFB1F9EAB4A219E5B6E17763BF134894
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.................. ........... ....................... ......b.....`.................................s...O.......p................,..............8............................................ ............... ..H............text....... ...................... ..`.rsrc...p...........................@..@.reloc..............................@..B........................H.......@H...R...............@...........................................r...p*..(.....-.r...p..s....z..(....,.r%..p..s....z..}......}....*..j*J..j....j....j..*.*...0...........,..(....-.r5..p..s....z.{....rG..p(......rc..p(......r}..p(.......(....&..(....(......(.........(....%{.....{.......&..s....z(....(.....(.......s....*..(....B.3u........B.3x........B.<~.......0...........(...........(....*..0..{............r...p(....9_....r...p.(....o ....8,.....(!.......r...p.j(".....

                                                                                                                                        C:\Program Files\NetSpot\NetSpot.Infrastructure.UniversalProjectFormat.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):22720
                                                                                                                                        Entropy (8bit):6.712254485514843
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:384:BQQlMLw4QQKnSJaAH40arn3ApwKNs+102AM+o/8E9VF0Ny6Of:iBnKSJ9Tk31++2AMxkE7f
                                                                                                                                        MD5:0CA7445ED82E327D9A1FDBA38F1EEFFD
                                                                                                                                        SHA1:7B56DBF6E4BE653F838B39A17108998A768D6249
                                                                                                                                        SHA-256:E038096E901F3760D4635121B409C13356B2258E7685DDA299735D59EB90B118
                                                                                                                                        SHA-512:7BA00F39BB5E73391FE5F7FEFA815928A8AAA81D6CF010BAC61F641EC112D0B5D66A3D771131E0D811C28D7EA3BA4FEBE66DAEAB5206504941A10F7FFC2856A6
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...X............" ..0.."...........@... ...`....... ..............................%.....`..................................@..O....`..|............,...,...........?..8............................................ ............... ..H............text.... ... ...".................. ..`.rsrc...|....`.......$..............@..@.reloc...............*..............@..B.................@......H........&..\....................?.......................................~....o....t....%r...p.(....o....%o....*.r...p.r...p(.......(...+(....t....o....(....*...0..............(...+(....t.....s......o....,a+W.o....s........+5....o........o....-....o....+........o......&.....X.....o....2...o.....o....-..*.........6.+a.......0..............o....,..u#.....-..*.*....0.. ...........o....,..u(...,...(....+..*.*.0.. ...........o....,..u)...,...)....+..*.*.0..%...........o....,..u(..

                                                                                                                                        C:\Program Files\NetSpot\NetSpot.Infrastructure.WiFi.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):58048
                                                                                                                                        Entropy (8bit):6.262611160823602
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:1536:XqORiwJZpUaygmA2wCD3QipnWXTTyX774K+QxE:PrHUaygmA2wCcipWXA4K+p
                                                                                                                                        MD5:1AE00E38D734FBF27A78735437004011
                                                                                                                                        SHA1:02889A3ED357D63BB1E3CED38CC3C724E1F9F9A2
                                                                                                                                        SHA-256:9E7B00A44F3515F15A5A3F89B43279CFFD7D6F744A9C88974E98DE70D8F6F81C
                                                                                                                                        SHA-512:9900972F5A989D7CD5DA1E4056BC4AB532FE8607D7E6FC9CD6DDE14A25355DA748309E552B7994EAC601D6AB1B9115B5899EFD69CB66B8C54C03D86F9E029743
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...=C............" ..0.................. ........... ....................... ......./....`.................................W...O........................,..............8............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........H..\s..........l................................................0...........-.r...p..s....z.-.r...p..s....zs......o....&.r#..po....&.r...po....&...io....&.r...po....&.o....&....+...........(....o....&..X....i2..r...po....&...io....&.r...po....&.o....&.....+..............(....o....&..X.....i2..r...po....&.o....*....0..........s....%rS..po....&%..(~......(n......(/...o....&%r...po....&%..(~......(o......(....o....&%r...po....&%..(~......(p...r...p. .(....o....&%r...po.

                                                                                                                                        C:\Program Files\NetSpot\NetSpot.Predictive.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):794816
                                                                                                                                        Entropy (8bit):6.619262064540609
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12288:xwv4iRaX1OQZmHwcfc8c64iRi0R3Q7bAwA7LrjCBS+rZ3UnY8FpWOWJldEqAVdPf:X+UUx7ES+BUnY8FgJldE1hwd17w
                                                                                                                                        MD5:62D585A19E7F2503CF321BA8C7AA1EEC
                                                                                                                                        SHA1:CD65A7860DAED9B1A6539353869793A5B758EDA5
                                                                                                                                        SHA-256:EC4437A7A814D29F7E6C042429249DDA091AF67BFDBDE40CE142BB842406D59F
                                                                                                                                        SHA-512:BFDA4DBA71EE30BF2A3DD60F01659EA0A70C57BEBD4AA1DC0CB811B175B492B93BFA0660F7FF2E6EE535E9CE1F0192279D3BCB517737031C79A1468F6E3CD4BA
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...T.h..........." ..0.................. ... ....... .......................`.......3....`.....................................O.... ...................,...@..........8............................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H............M..................\.......................................2~.....o...+*2~.....o...+*2~.....o...+*..0...........-.r...p..s#...z..o...+..o...+o...+.('...o...+()...o...+o*.....o...+..o...+o...+.o...+.('...r...p(,...o...+.o...+o*.....o...+o...+()...o...+o*.........*6.(-....(....*...0..$........{....,.*..}....r1..p.s.......(/...*"..}....*6.(-....(....*..0...........u......,..o0...&*...0..$........{....,.*..}....r...p.s.......(/...*...3..t...........s1...o2...*..}....

                                                                                                                                        C:\Program Files\NetSpot\NetSpot.Survey.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):628416
                                                                                                                                        Entropy (8bit):6.80397848490966
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12288:VOwssqCIM0dsDUF3BDS+AVdPwx2ycsn4K06g8rP4h:8wss1Lr5hwdN4h
                                                                                                                                        MD5:F6DB961E896F73507D5AFFBD4180EA79
                                                                                                                                        SHA1:206D42E0F90E246C66235F128300FF0715B05C17
                                                                                                                                        SHA-256:E5A80ED55479587CB3BC89A862042D8817480D65CAEE8846204A4F3958E40084
                                                                                                                                        SHA-512:6904C4E5190EEE19726C1DD18AAB0E1FC039879DAE24539B13019B1B44EFFCF536482166AB0D52968F93EEEAD0CC843E9FE1D13FC15B77C5DB9DC71A487403C0
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..b..........r.... ........... ..............................R.....`.....................................O....................j...,..........t...8............................................ ............... ..H............text...xa... ...b.................. ..`.rsrc................d..............@..@.reloc...............h..............@..B................S.......H.......43...r..........................................................2~.....o...+*2~.....o...+*2~.....o...+*..0...........-.r...p..s!...z..o...+..o...+..o...+..o...+o...+.(%...o...+('...o...+o(.....o...+..o...+o...+.o...+.(%...r...p(*...o...+.o...+o(.........*6.(+....(....*6..s,...(-...*..0..$........{....,.*..}....r1..p.s.......(/...*...3..t...........s0...o1...*..}....*6.(2....(....*..0..$........{....,.*..}....r...p.s.......(/...*"..}....*6.(2....(....*..0..$........{..

                                                                                                                                        C:\Program Files\NetSpot\NetSpot.exe (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):463552
                                                                                                                                        Entropy (8bit):7.198266681488947
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12288:bSUgXUnIJcP095xAVdPwx2y85xtAVdPwx3yeZC:bSUkUnIJcPphwd1hwoeZC
                                                                                                                                        MD5:5D11AE8FEF71CFFF200D1A28CAAB6BFC
                                                                                                                                        SHA1:C9601069312A8FE7AF17F21149B9950438BDCB98
                                                                                                                                        SHA-256:6E53EC39FBF8FCA637C1516D787133AF0436C9FE0F2C8EDBF467B6068C67692E
                                                                                                                                        SHA-512:7EA16FC73651D22D73EA570007B52185B14DF8910426A77A1FCF3AD4DFFACF3506FE57156377C744BC23700A009D42D646A4211BDC0D401CB0D28510B58AC21F
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...G............."...0..D...........c... ........@.. .......................@............`.................................Yc..O.......T................,... .......b..8............................................ ............... ..H............text....C... ...D.................. ..`.rsrc...T............F..............@..@.reloc....... ......................@..B.................c......H........|..............DA... ..<b.......................................0..D........(......}....(....o....9!...(....(....(....(....( .....x...%....!...s"....%....#...s"....%....$...s"....%....%...s"....%........s"....o&....('...}.....{.....o(....{....o)....{.....r...p(*...(+...o,....{.....r+..p......%.rk..p.%.(-...o.....%.r...p.%.(/....(0...o,....{....(1...~...........s2...o3...........s4...(5...*.(6...*.0............(7...(....o....9....(....o8...-C(9....r...p(:...(:...o;...

                                                                                                                                        C:\Program Files\NetSpot\NetSpot.exe.config (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):456
                                                                                                                                        Entropy (8bit):5.010641042142334
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:MMHd413VZreI9YQTloTNft35n+0M2rFUNpoTDdxT:JdArtloTL44FyoTb
                                                                                                                                        MD5:0ADB1125319DD1F874237E526D3D74E0
                                                                                                                                        SHA1:140E9913C44BE829BC5EE36B9F37588570346B2F
                                                                                                                                        SHA-256:635B58F90AD8D5A07F8899AEB9FA54B16842632F8D2FB2B026F113BB2E921A1E
                                                                                                                                        SHA-512:BFB79686594109C0824EB7DF4CB5A5FEBD995770B1C2E611EB2952633ABCF90FBF46DCBD8265C52EA40C823F2C63F0B12C21B7913DBF75F19425E1CC0E0704F3
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup> .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8" />.. </startup>.. <system.data>.. <DbProviderFactories>.. <add name="SQLite Data Provider" invariant="System.Data.SQLite" description=".NET Framework Data Provider for SQLite" type="System.Data.SQLite.SQLiteFactory, System.Data.SQLite"/>.. </DbProviderFactories>.. </system.data>..</configuration>

                                                                                                                                        C:\Program Files\NetSpot\Newtonsoft.Json.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):711360
                                                                                                                                        Entropy (8bit):5.964336164449275
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12288:WBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUME:WBjk38WuBcAbwoA/BkjSHXP36RMGnE
                                                                                                                                        MD5:446856771077F3F59D680F1D598A1094
                                                                                                                                        SHA1:98CA5E8351CABC78917A7327849081CD3B226054
                                                                                                                                        SHA-256:1355DA2CA786CC9C3410C04CE2F06E90D3C2C7896849E9133AC3B3122549B0F8
                                                                                                                                        SHA-512:DBB1461D5C08F29265220724DB86EC04134ABEE31A36E7448E26A911C91246044CB47BE291E1487770352708E45468A6C85E1703D3160AAEA4E679B32E51874E
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...p$?..........." ..0.............B.... ........... ....................... ............`....................................O........................,.......... ...T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................$.......H.......x...(9............................................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X..+....b....aX....X.....2.....cY.....cY....cY..|....(......._..{........+,..{|....3...{{......(....,...{{...*..{}.......-..*...0...........-.r...ps....z.o......-.~....*.~....

                                                                                                                                        C:\Program Files\NetSpot\PredictiveProject.ico (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):145119
                                                                                                                                        Entropy (8bit):6.16673676056021
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:ncTTfueUG72gX4nzTnAJsrA/YH3H3jX4oXwUXM8Uv7kr4Y/rQjc0YLY4HAXIbXLr:na1UGiGA0GyU
                                                                                                                                        MD5:FE122F8AFE02BD9E364996D3CD2E49E4
                                                                                                                                        SHA1:6910315CC0618B6AF86C286341DD2FF393A69FD3
                                                                                                                                        SHA-256:F6C6C59967AD2214888D58EFBF4F6131EB73E38167E2218A24FCAB8C5396BCF3
                                                                                                                                        SHA-512:BF9B2018C230E43111F8E471AAA03480D41856B9B48A8AC21179AA3F49BAF6886EF3A4DE36B538E0DE03626787B7012944D82706212BF077E1E97AEFDE4719E2
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:............ .q...f......... .(......@@.... .(B......00.... ..%..'... .... ......!........ .h...w2...PNG........IHDR.............\r.f....IDATx...y.%.U...#3...Z..^.{........$..#......`....$`..$.c..c.......y<.x...H.......}{.....d......'N...U....;............C*....1...G.l "c..c..6..... "..E.2.Y.......e}v..l...gd;.-*~.v......3..............&.}.U....^...r8qx.{.z.u..Ic..;v.W_..{.......r...... rN`....".F@..x..Y....... ..c.L.5H/.~...574>n..h.L2.~_..2X.......p.&...G..;...]...).....?.W.(.w..l6)I..E.WG!6).4I^{....q.$...5.:.AL....2*.d..)6.3.n.c..!...+..g....y.i0\[...^..~.o....L../.....+q......j..lz.OD.I.1.........8..g.+.*.|G..k..6.u $..p.gH<O..m./.2v;o...g.l..UjW.](.=.K.K9......O..B...GJM...*.ug.D.Nc..$.."...(..'..C....}B.L...........R..<7...b.............C...4.N4..v............3R....Uu.g...9..z|..3."r.&...:u.u&.*.ug.e!)].......N....@.09.M....3.KB.....%..<..}.b...'..>......VaD......W.y|.x..qu.3..'.4%..b.y.a....7.......X....T.#..hu..S.fuj9o+`.L...(..W..t.....O3

                                                                                                                                        C:\Program Files\NetSpot\Resources\Sounds\Survey_ScanFail.mp3 (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):21314
                                                                                                                                        Entropy (8bit):7.794641659637111
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:384:kUlGzHao6HVhoKGUDhkfxjYWQzQ6FZNz1ufiGbKGCDrfZFd5zy4:k4ce1hrhbWj6jNz1GmGQrfZT524
                                                                                                                                        MD5:29A8D4BCBE47723E34182CCCBF9C5A55
                                                                                                                                        SHA1:08442FBA956AFD518E972F665CEB29BC31D867EB
                                                                                                                                        SHA-256:EE29A93105C003BFFFCECD5A0CA2D2AE9B6AB11E8D84D780794C9E2B65BE60E9
                                                                                                                                        SHA-512:F1F92E3069C333CCEE4CAFABDF09BAE6044E84301FEB994AB8E4DBC4B71AD4E3035258E4B2B107F0CED0B5E49B93FEE49ECF97BE34111638AB5C98D2463B87CD
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:...D................................Info.......2..SB............##((..3388==BBGGLLQQWW\\aaffkkppuuzz.......................................................9LAME3.97 ............$..N.....SB..].....................................................................................................................................................................................................................................D...0@:. .@ED''.#..p..T...Z...0....DDO.D..DO."""..^......B." ...w?.D@.......... ...J...>...@.........*&..!.2....}.@...BxT..VG7a....>.....MI.MS........%.....c.?&..Z,...k.E@H.2..T..~.ii...`....2....m..}.n.....{k..p...E...|..N.o.........:^<z.zu.....\..d.f.&..vT.b.!...lL....ig..M....)..N).......1>"IU....y.O2.....R<O"gJT.\..p...`6..Y..Y..C.....,LP H?.n9.@l.....m..@...\S.p...f....MH....DX...b.+.1@...d#...M.~j..J..y......V.......;9@.p............/.HM..@.L...,l..0....-... ...b.......B....S.|9!:.f.$.D.......gd..#.......(.....H.`.(.9..3.'..W.a......$.......t

                                                                                                                                        C:\Program Files\NetSpot\Resources\Sounds\Survey_ScanSuccess.mp3 (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):38869
                                                                                                                                        Entropy (8bit):6.9223099855015
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:768:SqwuVFgAF1FLUA/9N7ln1NB2P3eP3FfbAuEn5Ya:R7VtUa7lJ7fRbAVYa
                                                                                                                                        MD5:74F4F8EF57B7CC4702582558EDFCEB0E
                                                                                                                                        SHA1:751E1645E38AAB0E88C19C9AC1BCBC510707E68D
                                                                                                                                        SHA-256:093A087F14464CDD5AFD4F989423E03D1F3AAE62530C0061338FE4390044B34C
                                                                                                                                        SHA-512:2CAFF0FB7CC989F2A472D141A5BDC4539E9CC2D41D6D24B10ACFE04DA244BD88BF3C43C48C4FDEAFA52D4476BD5E8B5F8EF5E291F43A561A47DE783DD16A2EC7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:...D................................Info.......\................!!$&),/247:=@@BEHKMPSVY[^aadfilortwz}......................................................9LAME3.97 .......J....$..N..............................................................................................................................................................................................................................................D...~... ..... ....5....`.,.Z...y..<.|p..a......?.<=................=.....<{.8z........C.w.....?.8~.........=..<E.....#%.qiLAS/E2.....7.lW.2.......^.yw*i.E.P.zb..]_/7..$4'....L.(#.^..B#+....CB...?...~....i./..M.....#...c.j.......Z..U....R............b..........4.]..Vw.!u....mX',M..H.Ru...p#.........LB..D|.*.....d.s..Ur...(YE.k......oN=.r.-)}/.<S..F(G.o....'..V.T6eC*$...mQ..X...a...^K18..(WW}....3.....dD...j=...bN.G..#8Sq..&$............-....Y.......~.l?......>...z..{..W..H.c~..2.".:2&.@..j...$..`@.....o$T..!.$a...1\.i9B...b..B6u.2.a$I..8..e"A~..#..'\..~....

                                                                                                                                        C:\Program Files\NetSpot\Resources\Sounds\is-0G99Q.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):21314
                                                                                                                                        Entropy (8bit):7.794641659637111
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:384:kUlGzHao6HVhoKGUDhkfxjYWQzQ6FZNz1ufiGbKGCDrfZFd5zy4:k4ce1hrhbWj6jNz1GmGQrfZT524
                                                                                                                                        MD5:29A8D4BCBE47723E34182CCCBF9C5A55
                                                                                                                                        SHA1:08442FBA956AFD518E972F665CEB29BC31D867EB
                                                                                                                                        SHA-256:EE29A93105C003BFFFCECD5A0CA2D2AE9B6AB11E8D84D780794C9E2B65BE60E9
                                                                                                                                        SHA-512:F1F92E3069C333CCEE4CAFABDF09BAE6044E84301FEB994AB8E4DBC4B71AD4E3035258E4B2B107F0CED0B5E49B93FEE49ECF97BE34111638AB5C98D2463B87CD
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:...D................................Info.......2..SB............##((..3388==BBGGLLQQWW\\aaffkkppuuzz.......................................................9LAME3.97 ............$..N.....SB..].....................................................................................................................................................................................................................................D...0@:. .@ED''.#..p..T...Z...0....DDO.D..DO."""..^......B." ...w?.D@.......... ...J...>...@.........*&..!.2....}.@...BxT..VG7a....>.....MI.MS........%.....c.?&..Z,...k.E@H.2..T..~.ii...`....2....m..}.n.....{k..p...E...|..N.o.........:^<z.zu.....\..d.f.&..vT.b.!...lL....ig..M....)..N).......1>"IU....y.O2.....R<O"gJT.\..p...`6..Y..Y..C.....,LP H?.n9.@l.....m..@...\S.p...f....MH....DX...b.+.1@...d#...M.~j..J..y......V.......;9@.p............/.HM..@.L...,l..0....-... ...b.......B....S.|9!:.f.$.D.......gd..#.......(.....H.`.(.9..3.'..W.a......$.......t

                                                                                                                                        C:\Program Files\NetSpot\Resources\Sounds\is-EC700.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):38869
                                                                                                                                        Entropy (8bit):6.9223099855015
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:768:SqwuVFgAF1FLUA/9N7ln1NB2P3eP3FfbAuEn5Ya:R7VtUa7lJ7fRbAVYa
                                                                                                                                        MD5:74F4F8EF57B7CC4702582558EDFCEB0E
                                                                                                                                        SHA1:751E1645E38AAB0E88C19C9AC1BCBC510707E68D
                                                                                                                                        SHA-256:093A087F14464CDD5AFD4F989423E03D1F3AAE62530C0061338FE4390044B34C
                                                                                                                                        SHA-512:2CAFF0FB7CC989F2A472D141A5BDC4539E9CC2D41D6D24B10ACFE04DA244BD88BF3C43C48C4FDEAFA52D4476BD5E8B5F8EF5E291F43A561A47DE783DD16A2EC7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:...D................................Info.......\................!!$&),/247:=@@BEHKMPSVY[^aadfilortwz}......................................................9LAME3.97 .......J....$..N..............................................................................................................................................................................................................................................D...~... ..... ....5....`.,.Z...y..<.|p..a......?.<=................=.....<{.8z........C.w.....?.8~.........=..<E.....#%.qiLAS/E2.....7.lW.2.......^.yw*i.E.P.zb..]_/7..$4'....L.(#.^..B#+....CB...?...~....i./..M.....#...c.j.......Z..U....R............b..........4.]..Vw.!u....mX',M..H.Ru...p#.........LB..D|.*.....d.s..Ur...(YE.k......oN=.r.-)}/.<S..F(G.o....'..V.T6eC*$...mQ..X...a...^K18..(WW}....3.....dD...j=...bN.G..#8Sq..&$............-....Y.......~.l?......>...z..{..W..H.c~..2.".:2&.@..j...$..`@.....o$T..!.$a...1\.i9B...b..B6u.2.a$I..8..e"A~..#..'\..~....

                                                                                                                                        C:\Program Files\NetSpot\SurveyProject.ico (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):145194
                                                                                                                                        Entropy (8bit):6.183406629222501
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:W1h5RSjSuCMzRzSX4nzTnAJsrA/YH3H3jX4oXwUXM8Uv7kr4Y/rQjc0YLY4HAXIc:mfPMZSA0GyB
                                                                                                                                        MD5:6DAF3B6D55C2CE862A17892768F479E1
                                                                                                                                        SHA1:21A0E6E2DB93E581474BCADBC951FEEFBB64DE42
                                                                                                                                        SHA-256:0A27B230D845065F1CB8EAE244D6B54F0268EF4209BCA09EB0269424E0AC05AB
                                                                                                                                        SHA-512:E5C9A4F4826AA0995AAF3EDA8D62413DE50BEE13E9F7C8AE686DFA36EBAA3A3227C22EA5FB657019EBDE74BFC1C8C44EF67F1B637623035A497C698A53F0237A
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:............ .....f......... .(..."...@@.... .(B..J...00.... ..%..r... .... ......"........ .h....2...PNG........IHDR.............\r.f....IDATx...y.%.U...#.no.}}.WuuWu..[-.Z..F.....Ax.....m@Bb.l$...x.A.c{.=#.`l0.... .1..v....}{..Z..{3......'O..Jt.+.....fF.r...D.A...'.b...1...cDd.=c.......q.D..;.B.?+.w........... ..lG.E.O......AasF...;X[.:.\..>.I~.uU.)...W..|..N.^.^r].|...........^).b..M.{9u....|@.9'0....I# .p...,....}.k% ....L..H/....5?4>n..h.L2.~_..2X.......p.&.../.>|.._.v.R.9.8y.......@..Z.f.(..(.&..&.+.U..!n.........i...#..k.....4.AH....3ic..........t:.v.......^..............&..F@.D...C...:.y.!...{.....b.w....oC\...Q".......u[.K.....D..Y#..c...k.J.@...E2 )....l6a.uU.!.._)/aYs.@Do1.V......Q.I.R.#e.p.>.@&OP...h.....S...Z...*.qL.(.!.>...-.r#....1M........=p...q........kU.....~.......<.....9...x..3......Q......Z^_E F....&IC@...%a.@.V..:x...>.1.....o...?.0..pS..@.+.<...o...A.'.4%..b.......6.`.}E.x.K.....y....N.z..J-.m....@..2....!9=.

                                                                                                                                        C:\Program Files\NetSpot\System.Buffers.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):23232
                                                                                                                                        Entropy (8bit):6.7286820220060966
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:384:HrMdp9yXOfPfAxR5zwWvYW8aPpwKNs+mzgAM+o/8E9VF0Ny8+:HrMcXP6N+MgAMxkE5
                                                                                                                                        MD5:BDA4F42C08756FD768ADBC64A42D42BF
                                                                                                                                        SHA1:8EFA0D581DC5F0C414E5F59C99A8B21B9B6D8586
                                                                                                                                        SHA-256:15A26CFE3B29E95C6EA82180A776855246BA7943CC8EDA92027E55B042BA4767
                                                                                                                                        SHA-512:48B2480FB79852D885D2FEB12C00F4141E49DEB1771DDB141582100C9A5367C297516DE200F2B62C4FDA037DCB06B79C892108AECA9C5F2E94511B5510E58D8B
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0..$..........BC... ...`....... ...................................@..................................B..O....`..@................,...........A............................................... ............... ..H............text...H#... ...$.................. ..`.rsrc...@....`.......&..............@..@.reloc...............,..............@..B................$C......H........'...............?..X...8A......................................j~....%-.&(....s....%.....*..*...0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*.~....*2r...p.(....*B.....(.........*R.....(...+%-.&(!...*^.....("....(...+&~....*.s$...*"..s%...*..(&...*.*....0......................

                                                                                                                                        C:\Program Files\NetSpot\System.Data.SQLite.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):421568
                                                                                                                                        Entropy (8bit):6.116107069419712
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12288:E5douWvsWkOfjL/MEd6/7vfA8SCW1nFNFfcaFeFOFwcGF6cmFWc0FWc8cIcKcUFk:EpjblhW12T
                                                                                                                                        MD5:3B35A94274BEEB1B87406ECBD09B1F5A
                                                                                                                                        SHA1:E1F0332812B7E5BDEF70B8E088B85743071E3B42
                                                                                                                                        SHA-256:5B2F115110208AFC1FADA50C90BBEB468691C36FEA411BDF5E3B13BBCDF8DEAA
                                                                                                                                        SHA-512:0CD9DFC1B13F59A1C2C25C6694133E67E81D84AD77F9CC5BB9C6CECADA3FE124EAC7D239D7CFD7A8605A5D1D92D32E95CBC5EC603A6675D3607799EEA1F4B8E0
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....d.........." ..0..8...........T... ...`....... ...............................K....`..................................T..O....`..p............B...,..........XS............................................... ............... ..H............text... 6... ...8.................. ..`.rsrc...p....`.......:..............@..@.reloc...............@..............@..B.................T......H........X..\V.................R......................................:.(;.....}....*..{....*:.(;.....}....*..{....*...0...........~<...}.....r...p}........(.....(.....(.....r)..p.(........(u.....~<...(=...,z.....s....}.......}.......}............{............%......(>....%...D....%...!....%...%.........%....%.........s....(B...*vra..p.(....,...}....*..}....*..{....*vr...p.(....,...}....*..}....*..{....*z.{....,......(>...o?...s@...z*.0..(........{....-..(......o....&....(j

                                                                                                                                        C:\Program Files\NetSpot\System.Memory.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):143552
                                                                                                                                        Entropy (8bit):6.178173534332629
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:KUGrszKKLBFa9DvrJGeesIf3afNs2AldfIO+RZy:9BFd3/aFs2s+RI
                                                                                                                                        MD5:413409FB1CFFA5E7DB28FDA1A9236952
                                                                                                                                        SHA1:E7A100E2D0FAB05770C8876A8699DC48FAF7B128
                                                                                                                                        SHA-256:D31D1A7799CF078202226314444FE1FD63360B58C58AC415B28B76A4A6B32573
                                                                                                                                        SHA-512:61E1A1EAE5D9C032898A55721654F65F6E6BC7EF2B69D17BEE428BC1926EE12FC76DDF258A8B62B597DE960D35196426F0A6FA8DF510EFC266B64EF7F06CB1A6
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0.................. ... ....... .......................`.......?....@.................................X...O.... ..0................,...@...... ................................................ ............... ..H............text........ ...................... ..`.rsrc...0.... ......................@..@.reloc.......@......................@..B........................H........,................................................................('...*>..}......}....*..{....*..{....*..{.....{....3..{.....{....((...*.*..0...........%.u....,..........(....*.*z.{....%-.&.+.o)....{....(a...*..(....zN........o*...s+...*.(....z.s,...*..(....zF(U....(O...s-...*.(....z.(V...s-...*.(....z.s....*.(....z.s/...*..(....zN........o*...s0...*.(....zrr...p(\....c.K...(O...s1...*.(....zBr...p(Y...s1...*.(....z.s2...*.(....z.(X...s3...*.(!...z.(_...s3...*.(#...z

                                                                                                                                        C:\Program Files\NetSpot\System.Numerics.Vectors.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):111296
                                                                                                                                        Entropy (8bit):5.544967621681231
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:1536:MPOw0SUUKw+GbgjMV+fCY1UiiGZ6qetMXIAMZ2zstK/V+dx/:MWw0SUUKBM8aOUiiGw7qa9tK/V+b
                                                                                                                                        MD5:50FADE74A1DEF2149DC0EB8AA6D4F25E
                                                                                                                                        SHA1:AF6E1FCAC111C8E92D7D1683E2A6D56A633A959B
                                                                                                                                        SHA-256:E1FA1D677735DE90BB5614A06ECF8DF49112E7BE069E19A1E5519033101EDACF
                                                                                                                                        SHA-512:7F046235E13824BE9B82C417F0DB546DB9875C8E8E7C3A783180E4E6E0B3BDD5DF3262BCACC9C53F662E404035148C7FECA5AF6C2CB54189DF8CD605B834DD6E
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?.Z.........." ..0..v............... ........... ....................................@.................................f...O........................,.......................................................... ............... ..H............text....u... ...v.................. ..`.rsrc................x..............@..@.reloc..............................@..B........................H........Q..|?..........$... ...D.........................................(....*&.l(....k*&.l(....k*..l.l(....k*..l.l(....k*&.l(....k*&.l(....k*&.l(....k*j~....%-.&(....s....%.....*..*.0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*.~....*2r...p.(....*2rG..p.(....*2r...p.(....*2r...p.(.

                                                                                                                                        C:\Program Files\NetSpot\System.Runtime.CompilerServices.Unsafe.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):19136
                                                                                                                                        Entropy (8bit):6.727506894569843
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:384:PgGLROZAdWXYW8anpwKNs+dk5QAM+o/8E9VF0NyXMOn:PpLAV6V+NAMxkEG0
                                                                                                                                        MD5:DFF0251484F6BDB4A270B1FAB1FF84F4
                                                                                                                                        SHA1:ED02CE81C6A7331810F26FF79F1871E6540101B6
                                                                                                                                        SHA-256:7C366D6192B96A8E6690C6CAD220EFB1BAEE7BA78C477C82A8B8F470AD259FDB
                                                                                                                                        SHA-512:9E405953126139DE9893E722BB4A2278102F9CF49D94050CBD4E156E5284EDFCF43EA9F052F4BBDB2B0B57C8621B0D9DAAF214664F185BE9D4BA0BB6941E588D
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^...........!................^2... ...@....@.. ..............................M.....@..................................2..S....@...................,...`....................................................... ............... ..H............text...d.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................@2......H........#..@...................P ......................................{.v.`)!.t..@.62C<.=...h....X..}.`v.r...g.e...yXa.dat.mwQ.XdJ...M..`..J...$|.j.6W.U.3.r.A.h.....9Q..|..,<g..gy..6V9o%..Gd.r.0...........q....*..0..............q....*...0..............q....*...0.................*.0....................*..0....................*..0............q.........*....0............q.........*....0............*..0................*..0...............*...0...............*...0..........

                                                                                                                                        C:\Program Files\NetSpot\de\NetSpot.Base.resources.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):123584
                                                                                                                                        Entropy (8bit):5.585235429745043
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:Sy7oS5rf08VE65+6nlPEFkax2ZYTNGLESeN0CJO+d:7r90ZF2nf+d
                                                                                                                                        MD5:65AB0B8EA9BFF9934C3B7D6E705FF169
                                                                                                                                        SHA1:D50A3CA2B0AB9A0CBD0FF7B57B580D318AE67213
                                                                                                                                        SHA-256:6A6734D94D73FF9E6C9BE7CDB62F3B6E08690973806AD0B3EAF881D7840C2E22
                                                                                                                                        SHA-512:524111A472F80ECBAB1698FAF0756CCC6625F0F95B2040ED9BDC319F88395891D35E6C3A4FB4E7338958B6BA039BA92DE708BD8A920BCC8FD877469E98A748CA
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...V~.e...........!..................... ........... ....................... ......q,....@.................................8...S........................,........................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................p.......H.......|................ ......P ........................................|~.@.........{.....4".....J.....wv........../H:...[[-x.7.....H..0....fM..cS.|...[.:.....F...3.*.....+..S..@`.,.......!..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.@........W.....b.......V..........-...93.(.5...q....E8...t........y.P....W=...o..x...MV.M...

                                                                                                                                        C:\Program Files\NetSpot\de\is-9IFIE.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):123584
                                                                                                                                        Entropy (8bit):5.585235429745043
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:Sy7oS5rf08VE65+6nlPEFkax2ZYTNGLESeN0CJO+d:7r90ZF2nf+d
                                                                                                                                        MD5:65AB0B8EA9BFF9934C3B7D6E705FF169
                                                                                                                                        SHA1:D50A3CA2B0AB9A0CBD0FF7B57B580D318AE67213
                                                                                                                                        SHA-256:6A6734D94D73FF9E6C9BE7CDB62F3B6E08690973806AD0B3EAF881D7840C2E22
                                                                                                                                        SHA-512:524111A472F80ECBAB1698FAF0756CCC6625F0F95B2040ED9BDC319F88395891D35E6C3A4FB4E7338958B6BA039BA92DE708BD8A920BCC8FD877469E98A748CA
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...V~.e...........!..................... ........... ....................... ......q,....@.................................8...S........................,........................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................p.......H.......|................ ......P ........................................|~.@.........{.....4".....J.....wv........../H:...[[-x.7.....H..0....fM..cS.|...[.:.....F...3.*.....+..S..@`.,.......!..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.@........W.....b.......V..........-...93.(.5...q....E8...t........y.P....W=...o..x...MV.M...

                                                                                                                                        C:\Program Files\NetSpot\en\NetSpot.Base.resources.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):116928
                                                                                                                                        Entropy (8bit):5.526447237352214
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:py7V1DTbDWnNnvBSF+psH333j092zHXRsVGdc+a:c7RXhXji+a
                                                                                                                                        MD5:C1A44F4B7036958D269093C12B3D14C1
                                                                                                                                        SHA1:C88CBD464722B0198226D2864635F56F1D6511E0
                                                                                                                                        SHA-256:87C3CBEA0AAF7DC534A94E0BCEE3F1C8FBAE13C5B08843E540E379BCFBFDC44C
                                                                                                                                        SHA-512:27FE509CAE913C29446833A1CD3DBC4228A2B20CB0CA62707679BEA00B9A163C856F89C1D3AB56D1B745CF0FD83D34AB7CF510C25E69367A6FF9EB65AED6B33D
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...V~.e...........!..................... ........... ..............................;.....@.................................l...O........................,........................................................... ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........................ .....P ......................................!..3.Z5..@./zspH.....u.W.z.f.x.e...l....6....<,\n..x...$...n.gMt.E...%...ccQ..h.?:#. .2..............gU..64.....>..EP..2.Uk|.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.@........W.....b.......V..........-...93.(.5...q....E8...t........y.P....W=...o..x...MV.M...

                                                                                                                                        C:\Program Files\NetSpot\en\is-JJM2S.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):116928
                                                                                                                                        Entropy (8bit):5.526447237352214
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:py7V1DTbDWnNnvBSF+psH333j092zHXRsVGdc+a:c7RXhXji+a
                                                                                                                                        MD5:C1A44F4B7036958D269093C12B3D14C1
                                                                                                                                        SHA1:C88CBD464722B0198226D2864635F56F1D6511E0
                                                                                                                                        SHA-256:87C3CBEA0AAF7DC534A94E0BCEE3F1C8FBAE13C5B08843E540E379BCFBFDC44C
                                                                                                                                        SHA-512:27FE509CAE913C29446833A1CD3DBC4228A2B20CB0CA62707679BEA00B9A163C856F89C1D3AB56D1B745CF0FD83D34AB7CF510C25E69367A6FF9EB65AED6B33D
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...V~.e...........!..................... ........... ..............................;.....@.................................l...O........................,........................................................... ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........................ .....P ......................................!..3.Z5..@./zspH.....u.W.z.f.x.e...l....6....<,\n..x...$...n.gMt.E...%...ccQ..h.?:#. .2..............gU..64.....>..EP..2.Uk|.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.@........W.....b.......V..........-...93.(.5...q....E8...t........y.P....W=...o..x...MV.M...

                                                                                                                                        C:\Program Files\NetSpot\es\NetSpot.Base.resources.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):123584
                                                                                                                                        Entropy (8bit):5.525081965668256
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:IyaeM3l88WgsALGpDo0O85xd79w/9VHO+C:ZEl8+C
                                                                                                                                        MD5:C8371D18A26F4422A9588C554A9425FA
                                                                                                                                        SHA1:79419EFEFD0B781BADE4393B3170B80220132C7B
                                                                                                                                        SHA-256:574BE0BBDD22829122427CEF87CAE658A738F75428735B81EBE6B30C85FB8912
                                                                                                                                        SHA-512:74D7B1ED6AAA7F91D97978971571A55881BB593D729FBE2F847D19F55DB87652EA187FFAF829D34D9FDE403E675084F9CAF7413E0EED3473C2EC756FC8E5E1C8
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...V~.e...........!..................... ........... ....................... .......Y....@.................................h...S........................,........................................................... ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........................ .....P .........................................Gl.".>.jd.2.I.....g.fhz..).!-..e.".....;.S...`5:..B....M..#.(.T.......I.E...-..Z.}...-........8..(.6.%.Y.)P...V4....Q..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.@........W.....b.......V..........-...93.(.5...q....E8...t........y.P....W=...o..x...MV.M...

                                                                                                                                        C:\Program Files\NetSpot\es\is-GLJO9.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):123584
                                                                                                                                        Entropy (8bit):5.525081965668256
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:IyaeM3l88WgsALGpDo0O85xd79w/9VHO+C:ZEl8+C
                                                                                                                                        MD5:C8371D18A26F4422A9588C554A9425FA
                                                                                                                                        SHA1:79419EFEFD0B781BADE4393B3170B80220132C7B
                                                                                                                                        SHA-256:574BE0BBDD22829122427CEF87CAE658A738F75428735B81EBE6B30C85FB8912
                                                                                                                                        SHA-512:74D7B1ED6AAA7F91D97978971571A55881BB593D729FBE2F847D19F55DB87652EA187FFAF829D34D9FDE403E675084F9CAF7413E0EED3473C2EC756FC8E5E1C8
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...V~.e...........!..................... ........... ....................... .......Y....@.................................h...S........................,........................................................... ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........................ .....P .........................................Gl.".>.jd.2.I.....g.fhz..).!-..e.".....;.S...`5:..B....M..#.(.T.......I.E...-..Z.}...-........8..(.6.%.Y.)P...V4....Q..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.@........W.....b.......V..........-...93.(.5...q....E8...t........y.P....W=...o..x...MV.M...

                                                                                                                                        C:\Program Files\NetSpot\fr\NetSpot.Base.resources.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):126656
                                                                                                                                        Entropy (8bit):5.552788054448852
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:Fy/GdiDCA4nFw64aLL2E2CYq888NoFTzQ6S+S:4PD0tR83NoFC+S
                                                                                                                                        MD5:A0C6D392F74CB90D7FAC24752953414A
                                                                                                                                        SHA1:3D45B3D4533A08E0464E439E5025DF983CD27083
                                                                                                                                        SHA-256:81A0735EC9D0516624B3A5A8FA0C8F4F82D7D3CCED0CFE56F204EAB4D70009DE
                                                                                                                                        SHA-512:5EB99FBA07B5256C863977115A5677998FB88583675868CF23CA9350091BB3F4BD11FB4200CA2ECA5A76F9B735D7A3C4A67F8CA518130698E7627CB648510560
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...V~.e...........!................~.... ........... ....................... ......7!....@.................................0...K........................,........................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................`.......H.......t................ ......P ..........................................Fkj.sO.vW.@...8..j.....U.............Z..V.Xq..Z..`v.......6..YW..........v$A.d.C........~..R.=....q....O.".>.0.M................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.@........W.....b.......V..........-...93.(.5...q....E8...t........y.P....W=...o..x...MV.M...

                                                                                                                                        C:\Program Files\NetSpot\fr\is-CM1JJ.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):126656
                                                                                                                                        Entropy (8bit):5.552788054448852
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:Fy/GdiDCA4nFw64aLL2E2CYq888NoFTzQ6S+S:4PD0tR83NoFC+S
                                                                                                                                        MD5:A0C6D392F74CB90D7FAC24752953414A
                                                                                                                                        SHA1:3D45B3D4533A08E0464E439E5025DF983CD27083
                                                                                                                                        SHA-256:81A0735EC9D0516624B3A5A8FA0C8F4F82D7D3CCED0CFE56F204EAB4D70009DE
                                                                                                                                        SHA-512:5EB99FBA07B5256C863977115A5677998FB88583675868CF23CA9350091BB3F4BD11FB4200CA2ECA5A76F9B735D7A3C4A67F8CA518130698E7627CB648510560
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...V~.e...........!................~.... ........... ....................... ......7!....@.................................0...K........................,........................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................`.......H.......t................ ......P ..........................................Fkj.sO.vW.@...8..j.....U.............Z..V.Xq..Z..`v.......6..YW..........v$A.d.C........~..R.=....q....O.".>.0.M................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.@........W.....b.......V..........-...93.(.5...q....E8...t........y.P....W=...o..x...MV.M...

                                                                                                                                        C:\Program Files\NetSpot\is-07U2U.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):146226
                                                                                                                                        Entropy (8bit):6.22069992309144
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:VK5Ye8OYEPBX/IG/AJbX4nzTnAJsrA/YH3H3jX4oXwUXM8Uv7kr4Y/rQjc0YLY4n:VkYe8Ovp/n/AizUm+I
                                                                                                                                        MD5:9E81A1D0926ECFFEE36D12BA30A8D225
                                                                                                                                        SHA1:A85192ED2A1E91EEA17C7F63EDD617930BC6AE06
                                                                                                                                        SHA-256:5D945B9A25049E3B82A88203E69092BBEE84877C63C65D01F664648809843CC3
                                                                                                                                        SHA-512:1F35492D28C0D05E2D9A245B656A00C68AE51D846EE2EDFFCED98F1512D66FE5FAA52F2F905F22D7FC0D0CDBA08B9A3E8621B7B22D7429A9E24BB9F40449FDDC
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:............ ....f......... .(...*...@@.... .(B..R...00.... ..%..z... .... ....."&........ .h....6...PNG........IHDR.............\r.f....IDATx...w.%.u.....o.<...qf6/.. ...|.H.z.$.,.g%+.V.$Z.'K..,..-Y..$.O.....m..O..H.. @..",6....0y..>.?......;..0."P....vWW<..9.s.Z.K...oSJ._)u/.!"R.R..o......"...e!......y^.g.t..H>#..eQ....6...X....m.+........c...2E........./s.7_r^.|R).{.....W..^O....E.z:y....._09g0...n...@..x..Y^........$..)K.)...$..}..l.x....'....E.^.+.C..o......t.....>../..^O..6\..8q...A..P.V)."......lru.......n..)W...l_'!.....T..)4LQ.......O{.+}A.Ja..R.i..4..-..T..B..6u...B..O...[Ka.~...V..Z.:.OD.H.R.....]5.s(y....3.|.V.}..2.u.......x.....d....~...?.d9..R.b......H.$W}G..j5.ij....._O.b.p.@DoSJ!."..".!..I|rU.D....'..d...C(.sB@...*q.....Ule..P0CL~REU[..J..,/1M.3......=p...1.;...)...s.*...G...1g.x...4Dd..~......W1m......2.a.@.j:....cr..E...}`._....7._....o.S0.i.8s........,...y.}g...y|.x.F.qu....&.4%9>..s..<.... M..5.W1uK...G.............`.._..GC

                                                                                                                                        C:\Program Files\NetSpot\is-24KKF.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):88768
                                                                                                                                        Entropy (8bit):6.120782262211716
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:1536:xm+Jb5CBYDynHOEBImUCy0RlvghPTZddZT5NXOeiPN+3fxGKm:g+JlDyuSNlRlvglTZdd55xOe0N+3Iv
                                                                                                                                        MD5:AA0265DDCCDB445AE6205238472F801F
                                                                                                                                        SHA1:04CBE89552C8C325465010D11F92924515EB554E
                                                                                                                                        SHA-256:E19F114A26A7AEBA795BA3FF2BCC83744A6716CAE70979D9CD88DFD2657FAF6E
                                                                                                                                        SHA-512:CCD45BAC3565FA98A45925BF12FAB4D61008AAEFC79B2912DDC19D1B1E54730C4E83FF4A588F8E24A38EBF29F72DE35E38C29246C5F25904AE2E56CA25E31A3F
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...~............." ..0..&..........*E... ...`....... ....................................`..................................D..O....`...................,.......... D..8............................................ ............... ..H............text...0%... ...&.................. ..`.rsrc........`.......(..............@..@.reloc...............,..............@..B.................E......H...............................C.......................................0..)........{.........(....t......|......(...+...3.*....0..)........{.........(....t......|......(...+...3.*..{....*..{....*r.{.........}.....r...p(....*..{....*..{....*..{....*r.{.........}.....rA..p(....*..{....*..{....*..{....*..{....*..{....*..{....*..{....*..{....*..0..o........{.........(......(.......+...(....-..+...(......(....(....,1..}.....rU..p(......{.......(....-..{....+..(....*..{....*..0..

                                                                                                                                        C:\Program Files\NetSpot\is-33L5D.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):456
                                                                                                                                        Entropy (8bit):5.010641042142334
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:MMHd413VZreI9YQTloTNft35n+0M2rFUNpoTDdxT:JdArtloTL44FyoTb
                                                                                                                                        MD5:0ADB1125319DD1F874237E526D3D74E0
                                                                                                                                        SHA1:140E9913C44BE829BC5EE36B9F37588570346B2F
                                                                                                                                        SHA-256:635B58F90AD8D5A07F8899AEB9FA54B16842632F8D2FB2B026F113BB2E921A1E
                                                                                                                                        SHA-512:BFB79686594109C0824EB7DF4CB5A5FEBD995770B1C2E611EB2952633ABCF90FBF46DCBD8265C52EA40C823F2C63F0B12C21B7913DBF75F19425E1CC0E0704F3
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup> .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8" />.. </startup>.. <system.data>.. <DbProviderFactories>.. <add name="SQLite Data Provider" invariant="System.Data.SQLite" description=".NET Framework Data Provider for SQLite" type="System.Data.SQLite.SQLiteFactory, System.Data.SQLite"/>.. </DbProviderFactories>.. </system.data>..</configuration>

                                                                                                                                        C:\Program Files\NetSpot\is-377HG.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):19136
                                                                                                                                        Entropy (8bit):6.727506894569843
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:384:PgGLROZAdWXYW8anpwKNs+dk5QAM+o/8E9VF0NyXMOn:PpLAV6V+NAMxkEG0
                                                                                                                                        MD5:DFF0251484F6BDB4A270B1FAB1FF84F4
                                                                                                                                        SHA1:ED02CE81C6A7331810F26FF79F1871E6540101B6
                                                                                                                                        SHA-256:7C366D6192B96A8E6690C6CAD220EFB1BAEE7BA78C477C82A8B8F470AD259FDB
                                                                                                                                        SHA-512:9E405953126139DE9893E722BB4A2278102F9CF49D94050CBD4E156E5284EDFCF43EA9F052F4BBDB2B0B57C8621B0D9DAAF214664F185BE9D4BA0BB6941E588D
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^...........!................^2... ...@....@.. ..............................M.....@..................................2..S....@...................,...`....................................................... ............... ..H............text...d.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................@2......H........#..@...................P ......................................{.v.`)!.t..@.62C<.=...h....X..}.`v.r...g.e...yXa.dat.mwQ.XdJ...M..`..J...$|.j.6W.U.3.r.A.h.....9Q..|..,<g..gy..6V9o%..Gd.r.0...........q....*..0..............q....*...0..............q....*...0.................*.0....................*..0....................*..0............q.........*....0............q.........*....0............*..0................*..0...............*...0...............*...0..........

                                                                                                                                        C:\Program Files\NetSpot\is-3JV3P.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):17088
                                                                                                                                        Entropy (8bit):6.899501492071725
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:384:weuVMHq2/rQpwKNs+oJAM+o/8E9VF0NyNy6/:wQ/R+eAMxkE+s
                                                                                                                                        MD5:C0127A419AE6EB2EAF245CE3B9E5EAA2
                                                                                                                                        SHA1:3BFACFD3A6B135043E7682473F2A9BB2C015873D
                                                                                                                                        SHA-256:A2F66C3723A053002765B744AA91C2726A9FDE00E4AD4A2FA08428601ABF9CC6
                                                                                                                                        SHA-512:403D90E32CDC82B654BB3E1636500387418CA2386FAD26845E69DF78F38D90186C4557F450A50EDFCAA3041605DA426862168D69EE6BAEB5020A8A736BEC17A2
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....j..........." ..0.............F*... ...@....... ...............................o....`..................................)..O....@...................,...`.......(..T............................................ ............... ..H............text...L.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................%*......H.......P ......................\(......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob............\.........3........................................................g.h.....h.....U.................3...+.3...J.3.....3.....3.....3.....3...T.3...$...........n.............?.............E. .E.....V...~...O.....O.....O...).O...1.O...9.O...A.O...I.O...Q.O...Y.O...a.O...i.O...y.O.....O.........

                                                                                                                                        C:\Program Files\NetSpot\is-3TUDR.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):794816
                                                                                                                                        Entropy (8bit):6.619262064540609
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12288:xwv4iRaX1OQZmHwcfc8c64iRi0R3Q7bAwA7LrjCBS+rZ3UnY8FpWOWJldEqAVdPf:X+UUx7ES+BUnY8FgJldE1hwd17w
                                                                                                                                        MD5:62D585A19E7F2503CF321BA8C7AA1EEC
                                                                                                                                        SHA1:CD65A7860DAED9B1A6539353869793A5B758EDA5
                                                                                                                                        SHA-256:EC4437A7A814D29F7E6C042429249DDA091AF67BFDBDE40CE142BB842406D59F
                                                                                                                                        SHA-512:BFDA4DBA71EE30BF2A3DD60F01659EA0A70C57BEBD4AA1DC0CB811B175B492B93BFA0660F7FF2E6EE535E9CE1F0192279D3BCB517737031C79A1468F6E3CD4BA
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...T.h..........." ..0.................. ... ....... .......................`.......3....`.....................................O.... ...................,...@..........8............................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H............M..................\.......................................2~.....o...+*2~.....o...+*2~.....o...+*..0...........-.r...p..s#...z..o...+..o...+o...+.('...o...+()...o...+o*.....o...+..o...+o...+.o...+.('...r...p(,...o...+.o...+o*.....o...+o...+()...o...+o*.........*6.(-....(....*...0..$........{....,.*..}....r1..p.s.......(/...*"..}....*6.(-....(....*..0...........u......,..o0...&*...0..$........{....,.*..}....r...p.s.......(/...*...3..t...........s1...o2...*..}....

                                                                                                                                        C:\Program Files\NetSpot\is-42MF6.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):41664
                                                                                                                                        Entropy (8bit):6.282048576545937
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:384:uLz79sVpbUksSfYXG56U+aeu3IcA/KhROU+uptGVvAoOcEnO6WPr/89LM3bRHP4/:2I4Bu3hxOwSEl9LIbVSOuBY+lAMxkEH
                                                                                                                                        MD5:4A01C17927D78B386AE3138D974EB4FB
                                                                                                                                        SHA1:FC24A8D528AD089E2FDAC344598DC71B76F89044
                                                                                                                                        SHA-256:FA533973B5394AFEB264AEF26A6A92615B5DBB3D3B8A9C0E61339DA7CBA5C374
                                                                                                                                        SHA-512:B8875026365C4701E3217D8112CCD3F27FD4081767D58A636A37DC09A888ACBFC2373AFE0431C34ABBADD480575199153DA9B6101C89257BA13D6E652DFA652E
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..l............... ........... ....................................`.................................S...O....................v...,..........d...8............................................ ............... ..H............text....j... ...l.................. ..`.rsrc................n..............@..@.reloc...............t..............@..B........................H........C.. E..........................................................r...p*..(....*..0...........,..(....-.r...p..s....z..(.........(......9.........s.......o.......o%.... (....o......o'... ....(....o.....o3...o......82.....(........s.........oc.... (.....o....~A...%-.&~@.....q...s....%.A...(...+... (....o.......oe... ....(....o......og...o......8z.....( .......s!........oA.... (.....o"...~B...%-.&~@.....r...s#...%.B...(...+... (....o$......oC... ....(....o%....o&...~'...

                                                                                                                                        C:\Program Files\NetSpot\is-4ET7L.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):17088
                                                                                                                                        Entropy (8bit):6.90004738042243
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:384:0euN8y3+mrnOpwKNs+nBGAM+o/8E9VF0NyFPu:0dDrr+BGAMxkEW
                                                                                                                                        MD5:F7287AC5C77ED7682110DC60DEFF5364
                                                                                                                                        SHA1:1D909ECAD37F36F8468F273F5BEFCFE21DBD302D
                                                                                                                                        SHA-256:319308FD8D5E0464CE199DE497DDDD1E9666B064319F7FCE631C4A13150DA787
                                                                                                                                        SHA-512:FDB64DE310E7066FDEEA7C47D9B6CB661B7F42722A755D597C6EB5E11622B1B361EFF4C0E52C937E417E01C2CD7AEEA8785E739BD2F8D0931CCED9518764EA1C
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...!3............" ..0.............F*... ...@....... ....................................`..................................)..O....@...................,...`.......(..T............................................ ............... ..H............text...L.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................%*......H.......P ......................\(......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob............\.........3........................................................g.h.....h.....U.................3...+.3...J.3.....3.....3.....3.....3...T.3...$...........n.............?.............E. .E.....V...~...O.....O.....O...).O...1.O...9.O...A.O...I.O...Q.O...Y.O...a.O...i.O...y.O.....O.........

                                                                                                                                        C:\Program Files\NetSpot\is-4GPK1.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):2583744
                                                                                                                                        Entropy (8bit):5.834009979239824
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:49152:lCTzhVM0AU5d3UOhq8hmReOUJfd5T3D+VTQlgQeCKbu9kQLO0O:AwU5d3vhzhmoOmfd5rqX0O
                                                                                                                                        MD5:AA7A5592ABB357AE8DD4A1C784741F9C
                                                                                                                                        SHA1:EE3E37CF2F62ED6D4984D0592031008006CBCD8D
                                                                                                                                        SHA-256:3F28E4097F334FEED5A95DCF98FD7AF8AACA60AE3722F99CD1D6D0959EAA2495
                                                                                                                                        SHA-512:85F8117254CECFA898015F8E8538845C7F6B65C3C177C92AE0A09F6C3D6504CB0430DA26FD2EA43D47D154F9C2AF718068F17E8BF5E06983F24C7DE765140D37
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....O^...........!......'.. .......,'.. ...@'...@.. ........................'.......'.....................................P,'.K....@'.`............@'..,...`'...................................................... ............... ..H............text.....'.. ....'................. ..`.rsrc...`....@'...... '.............@..@.reloc.......`'......0'.............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Program Files\NetSpot\is-5AA03.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):22720
                                                                                                                                        Entropy (8bit):6.712254485514843
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:384:BQQlMLw4QQKnSJaAH40arn3ApwKNs+102AM+o/8E9VF0Ny6Of:iBnKSJ9Tk31++2AMxkE7f
                                                                                                                                        MD5:0CA7445ED82E327D9A1FDBA38F1EEFFD
                                                                                                                                        SHA1:7B56DBF6E4BE653F838B39A17108998A768D6249
                                                                                                                                        SHA-256:E038096E901F3760D4635121B409C13356B2258E7685DDA299735D59EB90B118
                                                                                                                                        SHA-512:7BA00F39BB5E73391FE5F7FEFA815928A8AAA81D6CF010BAC61F641EC112D0B5D66A3D771131E0D811C28D7EA3BA4FEBE66DAEAB5206504941A10F7FFC2856A6
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...X............" ..0.."...........@... ...`....... ..............................%.....`..................................@..O....`..|............,...,...........?..8............................................ ............... ..H............text.... ... ...".................. ..`.rsrc...|....`.......$..............@..@.reloc...............*..............@..B.................@......H........&..\....................?.......................................~....o....t....%r...p.(....o....%o....*.r...p.r...p(.......(...+(....t....o....(....*...0..............(...+(....t.....s......o....,a+W.o....s........+5....o........o....-....o....+........o......&.....X.....o....2...o.....o....-..*.........6.+a.......0..............o....,..u#.....-..*.*....0.. ...........o....,..u(...,...(....+..*.*.0.. ...........o....,..u)...,...)....+..*.*.0..%...........o....,..u(..

                                                                                                                                        C:\Program Files\NetSpot\is-5BG51.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):287936
                                                                                                                                        Entropy (8bit):3.2856861072698464
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:384:VccViPfSPLgBejO1yvzUoFoutUmLqez7Pw3KXaSP98roNpFkKjFGZrQa1r/mmxl+:VRjgYBUoFoIw3URGNLS/Mln+rCAMxkEi
                                                                                                                                        MD5:EA838BBB8C7E59ABE1F8F484D40A063D
                                                                                                                                        SHA1:E024251B0DCFE376DAA4712CBBB7D41D025BC450
                                                                                                                                        SHA-256:A5BC3241D5778C887428405B7840DD05C3DCC8919F57B7DE30C2DAC3AD1ED253
                                                                                                                                        SHA-512:8E1B71A3D6322C9923FE4ECF50004DA97BB9D5F14CF9FBB404F7383800C0048A58A283FDC359B96C1559C9A53784FB18742BCAC41F4BDA413A58CD6DE6C4630A
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...w.7..........." ..0..............J... ...`....... ..............................kH....`..................................J..O....`..@............8...,...........I..8............................................ ............... ..H............text...p,... ...................... ..`.rsrc...@....`.......0..............@..@.reloc...............6..............@..B.................J......H.......@....%...........S..@...$I........................................{....*..{....*..{....*.0...........(......(....,.r...p..s....z..}......}.....s....}.....{........#...%."...(....o.....{........#...%.!...(....o.....{......:.#...%. ...(....o....*.0..,........-.r...p..s....z..(.....o....(...+&..&.....*.........%.......0..K........-.r...p..s....z.(.....o..... (....(...+r...po....o....(...+.s....}.....s....}....o.....8......(.....s.......o4...o......o<...o......o>...o.....

                                                                                                                                        C:\Program Files\NetSpot\is-5G8NL.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):111296
                                                                                                                                        Entropy (8bit):5.544967621681231
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:1536:MPOw0SUUKw+GbgjMV+fCY1UiiGZ6qetMXIAMZ2zstK/V+dx/:MWw0SUUKBM8aOUiiGw7qa9tK/V+b
                                                                                                                                        MD5:50FADE74A1DEF2149DC0EB8AA6D4F25E
                                                                                                                                        SHA1:AF6E1FCAC111C8E92D7D1683E2A6D56A633A959B
                                                                                                                                        SHA-256:E1FA1D677735DE90BB5614A06ECF8DF49112E7BE069E19A1E5519033101EDACF
                                                                                                                                        SHA-512:7F046235E13824BE9B82C417F0DB546DB9875C8E8E7C3A783180E4E6E0B3BDD5DF3262BCACC9C53F662E404035148C7FECA5AF6C2CB54189DF8CD605B834DD6E
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?.Z.........." ..0..v............... ........... ....................................@.................................f...O........................,.......................................................... ............... ..H............text....u... ...v.................. ..`.rsrc................x..............@..@.reloc..............................@..B........................H........Q..|?..........$... ...D.........................................(....*&.l(....k*&.l(....k*..l.l(....k*..l.l(....k*&.l(....k*&.l(....k*&.l(....k*j~....%-.&(....s....%.....*..*.0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*.~....*2r...p.(....*2rG..p.(....*2r...p.(....*2r...p.(.

                                                                                                                                        C:\Program Files\NetSpot\is-5VC90.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):25792
                                                                                                                                        Entropy (8bit):6.632952477017057
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:384:CCoWkOcyufdHrURTrfSjXwemdgPpwKNs+NHPAM+o/8E9VF0NyMlW:CCGXJUtajKgE+ZAMxkET
                                                                                                                                        MD5:CED278CEE35E9A8D28369D9E0B47CCD1
                                                                                                                                        SHA1:66D2E501FE4D94CC833DA13288F11B86E79AD5B9
                                                                                                                                        SHA-256:241121D3AEF4781A595121A40B2FF40159587821C872C3E8601200C70A8D03A5
                                                                                                                                        SHA-512:84EE94D96B6A28518F4B5066AD72AFC7CC7A58D69514D0B916E89C5F8C6D56A6B026A1DBFBAED3C23B651A2EDABE9D7E7C69343FE5531FC68F1E9A67BFFF8C17
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...<............" ..0..............L... ...`....... ....................................`..................................L..O....`...............8...,...........K..8............................................ ............... ..H............text....-... ...................... ..`.rsrc........`.......0..............@..@.reloc...............6..............@..B.................L......H.......h,......................TK.......................................0..)........{.........(....t......|......(...+...3.*....0..)........{.........(....t......|......(...+...3.*....0..C........(......}....r...p(........{......o..........!...s"...(......}....*..................0..........r...p(....&...(.....*....................0..Y........-.r/..p..s....z."....5.rA..p..+....s....z.."....5.rK..p...+....s....z..k"....4.rm..p...,....s....z..(....,..*..{.....X}.......}....~...

                                                                                                                                        C:\Program Files\NetSpot\is-6E58C.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):554176
                                                                                                                                        Entropy (8bit):5.901841445437236
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:6144:StIgLGv5WBfXkYlsL/Nz++R1yji08n3uzxRQKEPmBm9C5vEx3tcQ8Vub8xPtwZEY:Cz81Dn3GQ/9C58x3tWXH9gvj9
                                                                                                                                        MD5:5AF9EF2D3E04E86E8F05F6C368492F50
                                                                                                                                        SHA1:0531597E55FA05A662B6F4F368596AC7D0E51287
                                                                                                                                        SHA-256:A5107F0AA4908CD1237BD818BCC797543C0EA4BEED0429CD160A9920CE13B201
                                                                                                                                        SHA-512:BBC3453C41E094E840FEC6F33B9A523B2983EAA1725268E25654960C07157F95C6D74C90EDB31895661DB598DD5B41E81ABEBE980257042C0885B5788482DDE4
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...'.WL...........!.....>...........[... ...`....@.. ..............................6.....@..................................[..O....`...............H...,...........Z............................................... ............... ..H............text....<... ...>.................. ..`.rsrc........`.......@..............@..@.reloc...............F..............@..B.................[......H......../...+..........x....N..P ........................................"8...7o...H...ek..E.y.....AtG9..\..9X.1..<0y....c.G.=...?..5."..G.j8...0;."=..Z...w?....=.U.S[.....2.X.gP..@...#Q...2.r.($.....(......(......(....*..($.....(.....~%...(......(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*....0..Z........(+.....(......(....(,......|....(y....r...p............{.....i......(-....(...+...r...ps..... .....{p...~%...(/...,\.{.... ...._-N..{p.......(n...(0...

                                                                                                                                        C:\Program Files\NetSpot\is-8UH95.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):58048
                                                                                                                                        Entropy (8bit):6.262611160823602
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:1536:XqORiwJZpUaygmA2wCD3QipnWXTTyX774K+QxE:PrHUaygmA2wCcipWXA4K+p
                                                                                                                                        MD5:1AE00E38D734FBF27A78735437004011
                                                                                                                                        SHA1:02889A3ED357D63BB1E3CED38CC3C724E1F9F9A2
                                                                                                                                        SHA-256:9E7B00A44F3515F15A5A3F89B43279CFFD7D6F744A9C88974E98DE70D8F6F81C
                                                                                                                                        SHA-512:9900972F5A989D7CD5DA1E4056BC4AB532FE8607D7E6FC9CD6DDE14A25355DA748309E552B7994EAC601D6AB1B9115B5899EFD69CB66B8C54C03D86F9E029743
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...=C............" ..0.................. ........... ....................... ......./....`.................................W...O........................,..............8............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........H..\s..........l................................................0...........-.r...p..s....z.-.r...p..s....zs......o....&.r#..po....&.r...po....&...io....&.r...po....&.o....&....+...........(....o....&..X....i2..r...po....&...io....&.r...po....&.o....&.....+..............(....o....&..X.....i2..r...po....&.o....*....0..........s....%rS..po....&%..(~......(n......(/...o....&%r...po....&%..(~......(o......(....o....&%r...po....&%..(~......(p...r...p. .(....o....&%r...po.

                                                                                                                                        C:\Program Files\NetSpot\is-9GF1O.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):42169536
                                                                                                                                        Entropy (8bit):7.62138260170293
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:786432:taYTMms1/OlLXCDPpnZQkrwCd2i/CxDdZJiGVLlaCP46f/ZQIykPbruYlvl8F//B:t76/OlwpnZ/ECA6CxDdZAG9l7rf/ZQUG
                                                                                                                                        MD5:2D7A7DCCCE26F5A6158605C22764D02C
                                                                                                                                        SHA1:F220CFC9FBA06B0A51C5A25A896046BB1F750B2B
                                                                                                                                        SHA-256:BEECDCCC5794D5898448830910D7C7D45B7F8B8B3C99332757E7ECE122F76788
                                                                                                                                        SHA-512:52B8AE37BD88E6DE9262764BF3FA525710DF9B6227E33AFAD2D458A7E9286E79ADF229AE87C17E68A4390518570F93AD0DBCFC71CF339CD1DD32EE188F7BFF2A
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....<..........." ..0..@..........^[... ...`....... ..............................j....`..................................[..O....`...............H...,..........\Z..8............................................ ............... ..H............text....>... ...@.................. ..`.rsrc........`.......B..............@..@.reloc...............F..............@..B................=[......H........8..4................Iy..Y......................................>. 4......(,...*2......o-...*:........o....*.0..,........o/...r...p $...........%...%....o0...t....*&...o1...*..(2...*.~....*....0..)........{.........(3...t......|......(...+...3.*....0..)........{.........(5...t......|......(...+...3.*2.r!..p(...+*6..r!..p(...+*2.r?..p(...+*6..r?..p(...+*2.r[..p(...+*6..r[..p(...+*2.r{..p(...+*6..r{..p(...+*2.r...p(...+*6..r...p(...+*2.r...p(...+*6..r...p(...+*2.r...p(.

                                                                                                                                        C:\Program Files\NetSpot\is-B1NJF.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):17088
                                                                                                                                        Entropy (8bit):6.905840040200711
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:384:DJXGcKksPu2pwKNs+MO6AM+o/8E9VF0NyhpJ:DM++SAMxkEX
                                                                                                                                        MD5:9A6D05620FDCCF0FAA0035A92D449124
                                                                                                                                        SHA1:D6A9F5B1856DE5415A5C95A6B5FCCB6D65E18C82
                                                                                                                                        SHA-256:1872D58BC3694A46E64755F63A706AA79AA05F7C3859C091AAB2C9D07D5704EC
                                                                                                                                        SHA-512:8D4C4FE5FEDB7B45B5980FAC62D919F89A54085FDAD15B2FD10CDDA4EC840926AED3D207FE08F79135F10CA039AB441709E7D213B78631777A5FBF71FAD4C62F
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............V*... ...@....... ..............................b6....`..................................*..O....@...................,...`.......(..T............................................ ............... ..H............text...\.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................5*......H.......P ......................h(......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob............\.........3........................................................k.n.....n.....[.................9.../.9...N.9.....9.....9.....9.....9...X.9...*...........r.............C.............K.".E.....V.!.....U.....U.....U...).U...1.U...9.U...A.U...I.U...Q.U...Y.U...a.U...i.U...y.U.....U.........

                                                                                                                                        C:\Program Files\NetSpot\is-B9RJK.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):145194
                                                                                                                                        Entropy (8bit):6.183406629222501
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:W1h5RSjSuCMzRzSX4nzTnAJsrA/YH3H3jX4oXwUXM8Uv7kr4Y/rQjc0YLY4HAXIc:mfPMZSA0GyB
                                                                                                                                        MD5:6DAF3B6D55C2CE862A17892768F479E1
                                                                                                                                        SHA1:21A0E6E2DB93E581474BCADBC951FEEFBB64DE42
                                                                                                                                        SHA-256:0A27B230D845065F1CB8EAE244D6B54F0268EF4209BCA09EB0269424E0AC05AB
                                                                                                                                        SHA-512:E5C9A4F4826AA0995AAF3EDA8D62413DE50BEE13E9F7C8AE686DFA36EBAA3A3227C22EA5FB657019EBDE74BFC1C8C44EF67F1B637623035A497C698A53F0237A
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:............ .....f......... .(..."...@@.... .(B..J...00.... ..%..r... .... ......"........ .h....2...PNG........IHDR.............\r.f....IDATx...y.%.U...#.no.}}.WuuWu..[-.Z..F.....Ax.....m@Bb.l$...x.A.c{.=#.`l0.... .1..v....}{..Z..{3......'O..Jt.+.....fF.r...D.A...'.b...1...cDd.=c.......q.D..;.B.?+.w........... ..lG.E.O......AasF...;X[.:.\..>.I~.uU.)...W..|..N.^.^r].|...........^).b..M.{9u....|@.9'0....I# .p...,....}.k% ....L..H/....5?4>n..h.L2.~_..2X.......p.&.../.>|.._.v.R.9.8y.......@..Z.f.(..(.&..&.+.U..!n.........i...#..k.....4.AH....3ic..........t:.v.......^..............&..F@.D...C...:.y.!...{.....b.w....oC\...Q".......u[.K.....D..Y#..c...k.J.@...E2 )....l6a.uU.!.._)/aYs.@Do1.V......Q.I.R.#e.p.>.@&OP...h.....S...Z...*.qL.(.!.>...-.r#....1M........=p...q........kU.....~.......<.....9...x..3......Q......Z^_E F....&IC@...%a.@.V..:x...>.1.....o...?.0..pS..@.+.<...o...A.'.4%..b.......6.`.}E.x.K.....y....N.z..J-.m....@..2....!9=.

                                                                                                                                        C:\Program Files\NetSpot\is-C3Q8S.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):628416
                                                                                                                                        Entropy (8bit):6.80397848490966
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12288:VOwssqCIM0dsDUF3BDS+AVdPwx2ycsn4K06g8rP4h:8wss1Lr5hwdN4h
                                                                                                                                        MD5:F6DB961E896F73507D5AFFBD4180EA79
                                                                                                                                        SHA1:206D42E0F90E246C66235F128300FF0715B05C17
                                                                                                                                        SHA-256:E5A80ED55479587CB3BC89A862042D8817480D65CAEE8846204A4F3958E40084
                                                                                                                                        SHA-512:6904C4E5190EEE19726C1DD18AAB0E1FC039879DAE24539B13019B1B44EFFCF536482166AB0D52968F93EEEAD0CC843E9FE1D13FC15B77C5DB9DC71A487403C0
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..b..........r.... ........... ..............................R.....`.....................................O....................j...,..........t...8............................................ ............... ..H............text...xa... ...b.................. ..`.rsrc................d..............@..@.reloc...............h..............@..B................S.......H.......43...r..........................................................2~.....o...+*2~.....o...+*2~.....o...+*..0...........-.r...p..s!...z..o...+..o...+..o...+..o...+o...+.(%...o...+('...o...+o(.....o...+..o...+o...+.o...+.(%...r...p(*...o...+.o...+o(.........*6.(+....(....*6..s,...(-...*..0..$........{....,.*..}....r1..p.s.......(/...*...3..t...........s0...o1...*..}....*6.(2....(....*..0..$........{....,.*..}....r...p.s.......(/...*"..}....*6.(2....(....*..0..$........{..

                                                                                                                                        C:\Program Files\NetSpot\is-CIROQ.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):69312
                                                                                                                                        Entropy (8bit):6.169463353945635
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:1536:0WP+VRlI9MxGNxyxYKZdIU0y3DM29kx+NLjpxX:0PV3xGNxGxZdIU0yTp9kx+p/
                                                                                                                                        MD5:CDA636E8320D3E9F3B661049F1E66237
                                                                                                                                        SHA1:9E842CD6AB967EBAA317C60F0E3FCC21A2EA0614
                                                                                                                                        SHA-256:86E5D9ECEE4105E3408FD8C2AE7FB78AB8C87A68E5CCDD1F19BCF2CD5A783E7E
                                                                                                                                        SHA-512:570B9ADFBFDB7A58482EC5EA2277024F6D3902DF4308433D853B43EB3FD4AF0ED0DCBB5250EDE87E18B81C421E3A86EDFEBB4A2D1C91BC2CC3BE8EC80BA79366
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....j..........." ..0.................. ........... .......................@......vt....`.....................................O........................,... ..........8............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......|....q..................4.........................................{....*..{....*.... (....-..r...ps....z.{.....(....,...}.....r...p(....*..{....*....0..[........(.....-.r...p..s....z.,.... (....-.r...p..s....z..}......}......%-.&r#..p}.....s....}....*..0...........(.....-.r...p..s....z.-.rS..p..s....z..}......}......{....}.....s....}.....{....o.....+..o......{.....o.....o....-....,..o.....*.........W..v......z.{....-...}......}......}....*..{....*..{....*..0..........

                                                                                                                                        C:\Program Files\NetSpot\is-CTAKS.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):306880
                                                                                                                                        Entropy (8bit):7.104937912189691
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:6144:ARxrQnSjAVdNlbb0xRX7e9bGjjM6Z4ne8KkCUI1r+tn:ArAVdPwx2yv4neNrUxtn
                                                                                                                                        MD5:5544034252AE9539556A5280668DA27C
                                                                                                                                        SHA1:741E53AB68B10EC7E648A7952B117A7FBC490C8C
                                                                                                                                        SHA-256:40B566171AD85A6E057DACFB0C910178D2D4B6277C314768DCFE78C5679710E8
                                                                                                                                        SHA-512:B057D201FDF4B67C58A69EDBEBB7BF0774FA34DA326CD67E9DC9DB2E8A080B167CB4CD2C8F72CB7521EB1FED3D7E8F8CDAEF832394B05DA618C8E8E4B3B0571A
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...F.B..........." ..0..z............... ........... ..............................A:....`....................................O........................,..............8............................................ ............... ..H............text... x... ...z.................. ..`.rsrc................|..............@..@.reloc..............................@..B........................H.......8j..@...........x... ...........................................2~.....o...+*z.-.r...p..s....z..o...+......*6.(.....(....*...0..$........{....,.*..}....r...p.s.......(....*"..}....*6.(.....(....*..0..'........u......,..o....-...o......{.....o....*..0..$........{....,.*..}....r...p.s.......(....*...3$..t....}.....{...........s....o....*..}....*6.(.....(....*..0..'........u......,..o....-...o......{.....o....*..0..$........{....,.*..}....rC..p.s.......(....*...3$..t....

                                                                                                                                        C:\Program Files\NetSpot\is-HQR54.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):128192
                                                                                                                                        Entropy (8bit):3.1586724751323394
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:768:IafH95R0eeD4wZzzkvxEE3GO6cX8omcKIbil3J7EgVW+z5pRucjaS+hUAMxkEzw:X5GTQ6cX8953J7xzwqaS+Mxw
                                                                                                                                        MD5:59FD4AD45530FB35FA5FADB129520B0F
                                                                                                                                        SHA1:4D2E32DB40FA19669A0A329CC8D0B90A598276FF
                                                                                                                                        SHA-256:1A572EF9990966974785653D753427FCE36CF2C55EDC240E26C3A97C4BB1B86D
                                                                                                                                        SHA-512:8C1E588D2CC0E3168CACBD3404D37AF76CE83916EC489FC0803F4FC17E69BB25A4963ECC69F5DDB046F447D8FC833139AFB1F9EAB4A219E5B6E17763BF134894
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.................. ........... ....................... ......b.....`.................................s...O.......p................,..............8............................................ ............... ..H............text....... ...................... ..`.rsrc...p...........................@..@.reloc..............................@..B........................H.......@H...R...............@...........................................r...p*..(.....-.r...p..s....z..(....,.r%..p..s....z..}......}....*..j*J..j....j....j..*.*...0...........,..(....-.r5..p..s....z.{....rG..p(......rc..p(......r}..p(.......(....&..(....(......(.........(....%{.....{.......&..s....z(....(.....(.......s....*..(....B.3u........B.3x........B.<~.......0...........(...........(....*..0..{............r...p(....9_....r...p.(....o ....8,.....(!.......r...p.j(".....

                                                                                                                                        C:\Program Files\NetSpot\is-HRVUR.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):145119
                                                                                                                                        Entropy (8bit):6.16673676056021
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:ncTTfueUG72gX4nzTnAJsrA/YH3H3jX4oXwUXM8Uv7kr4Y/rQjc0YLY4HAXIbXLr:na1UGiGA0GyU
                                                                                                                                        MD5:FE122F8AFE02BD9E364996D3CD2E49E4
                                                                                                                                        SHA1:6910315CC0618B6AF86C286341DD2FF393A69FD3
                                                                                                                                        SHA-256:F6C6C59967AD2214888D58EFBF4F6131EB73E38167E2218A24FCAB8C5396BCF3
                                                                                                                                        SHA-512:BF9B2018C230E43111F8E471AAA03480D41856B9B48A8AC21179AA3F49BAF6886EF3A4DE36B538E0DE03626787B7012944D82706212BF077E1E97AEFDE4719E2
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:............ .q...f......... .(......@@.... .(B......00.... ..%..'... .... ......!........ .h...w2...PNG........IHDR.............\r.f....IDATx...y.%.U...#3...Z..^.{........$..#......`....$`..$.c..c.......y<.x...H.......}{.....d......'N...U....;............C*....1...G.l "c..c..6..... "..E.2.Y.......e}v..l...gd;.-*~.v......3..............&.}.U....^...r8qx.{.z.u..Ic..;v.W_..{.......r...... rN`....".F@..x..Y....... ..c.L.5H/.~...574>n..h.L2.~_..2X.......p.&...G..;...]...).....?.W.(.w..l6)I..E.WG!6).4I^{....q.$...5.:.AL....2*.d..)6.3.n.c..!...+..g....y.i0\[...^..~.o....L../.....+q......j..lz.OD.I.1.........8..g.+.*.|G..k..6.u $..p.gH<O..m./.2v;o...g.l..UjW.](.=.K.K9......O..B...GJM...*.ug.D.Nc..$.."...(..'..C....}B.L...........R..<7...b.............C...4.N4..v............3R....Uu.g...9..z|..3."r.&...:u.u&.*.ug.e!)].......N....@.09.M....3.KB.....%..<..}.b...'..>......VaD......W.y|.x..qu.3..'.4%..b.y.a....7.......X....T.#..hu..S.fuj9o+`.L...(..W..t.....O3

                                                                                                                                        C:\Program Files\NetSpot\is-IQU4U.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):36743
                                                                                                                                        Entropy (8bit):4.26494414720123
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:zr757ABnPt6ECtQz7QFDj1aJSIJ8hJ5aAabsaNaIa1alhI4Hy6We2Sada1FH+oR:zX57ABPt6ECtQz7QF/hDROD2jeNCIRP
                                                                                                                                        MD5:0587F9E70036BABD971A31B33A3A1075
                                                                                                                                        SHA1:8696C4029A3A60E6F20BAE094D0DFAF165E6825F
                                                                                                                                        SHA-256:D6015D37F696A237D42C6E33B59273E1EDB129C92F390EDEDE825834651D4F6F
                                                                                                                                        SHA-512:1CAF000F3C8CC53AC743EC0EC98F54517E4ED462A63E4663C2DB7D21A8DDD68F800B17E7AC09F9967DE229DA306BE287EC59A6E9C6AB55CB51DF5F3FA870BC5D
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="NetSpot.Properties.BaseSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <userSettings>.. <NetSpot.Properties.BaseSettings>.. <setting name="MainWindowLeft" serializeAs="String">.. <value>50</value>.. </setting>.. <setting name="MainWindowTop" serializeAs="String">.. <value>50</value>.. </setting>.. <setting name="MainWindowWidth" serializeAs="String">.. <value>1280</value>.. </setting>..

                                                                                                                                        C:\Program Files\NetSpot\is-JOU0Q.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):39616
                                                                                                                                        Entropy (8bit):6.416250430782703
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:768:XNGbP6+wTXtcZDgcEST3p4Jjrjh2jJFSUyauYv1JKia5/Zi/WGQKVu6bxunOX+kQ:9Gm+gtcZDgcEST3p4JjrjaJFSUyau01o
                                                                                                                                        MD5:D399583F6B460F81F4AC093092F1E689
                                                                                                                                        SHA1:1C88A6FAB0C6C11F02D4885994002061D2286346
                                                                                                                                        SHA-256:D7C38AEA080A3B75C1E995AFEE9FCF3281B5A386DF5526F712A5691A959DB0E4
                                                                                                                                        SHA-512:EA805FE011C797C8248289A2F22651A1304E414825A4BD14FCB7406A8DBE5C3C3E6E94DD2DBCE3A0AEB2ACCDEA19C2EBF80800A9EB0DCF0140808CB2E1617379
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...U............." ..0..d..........z.... ........... ..............................kO....`.................................(...O....................n...,..........D...8............................................ ............... ..H............text....b... ...d.................. ..`.rsrc................f..............@..@.reloc...............l..............@..B................\.......H........7...E...........}..@............................................(....*..{....*>..}......}....*..{....*>..}......}....*..{....*>..}......}....*..{....*"..}....*..{....*>..}......}....*..{....*"..}....*...0..d........{....-K.(....-..(....-..(....-..(....,+..(.....(.....(.....(.......s....(....}.....{....%-.&.(...+*.0..C..........(....-..(.......(....,'.o.......(....o......(.......(....o ....*..0..B........#.......?}......}.....(!...}.....("....(b......(#.... . ...(#..

                                                                                                                                        C:\Program Files\NetSpot\is-LEMM7.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):711360
                                                                                                                                        Entropy (8bit):5.964336164449275
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12288:WBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUME:WBjk38WuBcAbwoA/BkjSHXP36RMGnE
                                                                                                                                        MD5:446856771077F3F59D680F1D598A1094
                                                                                                                                        SHA1:98CA5E8351CABC78917A7327849081CD3B226054
                                                                                                                                        SHA-256:1355DA2CA786CC9C3410C04CE2F06E90D3C2C7896849E9133AC3B3122549B0F8
                                                                                                                                        SHA-512:DBB1461D5C08F29265220724DB86EC04134ABEE31A36E7448E26A911C91246044CB47BE291E1487770352708E45468A6C85E1703D3160AAEA4E679B32E51874E
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...p$?..........." ..0.............B.... ........... ....................... ............`....................................O........................,.......... ...T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................$.......H.......x...(9............................................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X..+....b....aX....X.....2.....cY.....cY....cY..|....(......._..{........+,..{|....3...{{......(....,...{{...*..{}.......-..*...0...........-.r...ps....z.o......-.~....*.~....

                                                                                                                                        C:\Program Files\NetSpot\is-M74L2.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):3268288
                                                                                                                                        Entropy (8bit):6.42437824613569
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:49152:UEA9P+bz2cHPcUb6HSb4SOEMkBeH7nQckO6bAGx7jXTVsNK33389:E92bz2Eb6pd7B6bAGx7GY333K
                                                                                                                                        MD5:2498951C33DB1793078FDA96E0A95FEB
                                                                                                                                        SHA1:229B894BA2BE8EFC3D84438DE4ED23D3C9FCFC22
                                                                                                                                        SHA-256:5FA2FF5EDA3E98B26D0C84C4FD11F255FA07E97B5A9BBD046BFEF70854B0E3DF
                                                                                                                                        SHA-512:342F778D82DC3143A56897A6CC4B6AB652D328B51F6F387DDA7823E521B553C73626F0D82EE8B8F1C2CA512A188D03846652952A4EB97FFD49D759805EE4132E
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...(..`.................:,..t......`F,......P,...@...........................2.......2...@......@....................-......p-.29....-.h.............1..,....................................-......................y-.......-......................text.....,.......,................. ..`.itext...(... ,..*....,............. ..`.data........P,......>,.............@....bss.....y....,..........................idata..29...p-..:....,.............@....didata.......-.......-.............@....edata........-.......-.............@..@.tls....L.....-..........................rdata..].....-.......-.............@..@.rsrc...h.....-.......-.............@..@..............1.......0.............@..@........................................................

                                                                                                                                        C:\Program Files\NetSpot\is-MACOH.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):2620608
                                                                                                                                        Entropy (8bit):6.20603256416396
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:24576:ifLbHo+3NJ6ruQ3iPGZJ2lkkz5P+8ja1bQS4UbFLr3oApxrEeeiW+kn9jEH3M5v/:2N9U5kzI1bpbh3oApxrEeeb9jEH3q/
                                                                                                                                        MD5:8F16C49C67584F8AE78C07C778529DAC
                                                                                                                                        SHA1:2036B7CF319FA50FA6FC2C4D98774BE18053DDF0
                                                                                                                                        SHA-256:27F65B9F060ED740C8091E76E3288CD303D1CD6E67455C69B06EF1F15E438F4A
                                                                                                                                        SHA-512:01E6CDBB380295D61065D76BE8C74DCE15190929653BB2901AF34412448F82B1E8C5B5E7F91713FB35D3A0FC83E905AAA496EC9755089C3A1DBD49128096404E
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....'a.........." ..0...'.. ........&.. ....'...... ........................(.......(...@.................................<.&.O.....'.0.............'..,....'...................................................... ............... ..H............text...,.'.. ....'................. ..`.rsrc...0.....'.......'.............@..@.reloc........'.......'.............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Program Files\NetSpot\is-N15GE.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):95424
                                                                                                                                        Entropy (8bit):3.97476551758576
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:1536:02BN36Vyaray1QR9xXUOHo8QsJ7VWfRvS/9QUld+Vxh:02BN36VyarawQBUOtQc7VWfRq/9QUlde
                                                                                                                                        MD5:B739BA39557A7E65930F0273C8BE97F5
                                                                                                                                        SHA1:8E06026BDE4C3463D0720B9C2ABE3811604FE3D0
                                                                                                                                        SHA-256:F1F529DBC31344DEDE7CCAEFA1C6B67E18F345178513D2E0564BA48578531C96
                                                                                                                                        SHA-512:3D252E7EB1FAC0C04699169B87448FC0C4B80EE81188455158C41F585291E0710756212393C9AE417DE7839116EA115390BA5F9A5E90CDC7EC64FA40F7971550
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..>...........\... ...`....... ...................................`..................................[..O....`...............H...,...........Z..8............................................ ............... ..H............text... <... ...>.................. ..`.rsrc........`.......@..............@..@.reloc...............F..............@..B.................[......H........C..LF..........D.......LZ.......................................r...p*..(.....-.r...p..s....z..(....,.r%..p..s....z..}......}....*..j*J..j....j....j..*.*...0...........,..(....-.r5..p..s....z.{....rG..p(......rc..p(......r}..p(.......(....&..(....(......(.........(....%{.....{.......&..s....z(....(.....(.......s....*..(....B.3u........B.3x........B.<~.......0...........(...........(....*..0...............r...p(....9x....r...p.(....o ....8E.....(!.......r...p.j(".....

                                                                                                                                        C:\Program Files\NetSpot\is-NKE6A.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):46272
                                                                                                                                        Entropy (8bit):6.3915296931618455
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:768:Qn/WlAKj4s0TV09797+nXDheteXBxc78OSWbZ8lcDP/ryEH0UBy4JjrD1h2j5h3O:Q+msYXR3QZ8lcDP/ryEH0UBy4JjrD1a+
                                                                                                                                        MD5:69F06655D5D78AEAD71408B2E2702550
                                                                                                                                        SHA1:FA57F4FF13CED854EE78C358C7A000C35D9FD1F6
                                                                                                                                        SHA-256:610FC814767F08378861B15FC6685FF6D34261931BA0324D309EA902B48BDF44
                                                                                                                                        SHA-512:9FD911EC95A44F4830887E9EFDA7AA808DF7349918FE45C20F3246DC40462CE5CE419196DC4A2F5C67E5970BFDD34F55BA36D8BBC53606A15924596C13DB0290
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...I............." ..0.............R.... ........... ..............................).....`.....................................O........................,..........(...8............................................ ............... ..H............text...X.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................1.......H.......4B..4X..........h...@.............................................(....*F.~....(....tV...*6.~.....(....*F.~....(....tV...*6.~.....(....*F.~....(....tV...*6.~.....(....*F.~....(....tV...*6.~.....(....*F.~....(.........*J.~..........(....*F.~....(....tV...*6.~.....(....*F.~....(.........*J.~..........(....*F.~....(....tV...*6.~.....(....*6.t.....}....*.0..r........{....-Y.(....-..(....-..(....-..(....,9.(.....(.......s.......(......&....(.....(.....(....}.....{....%-.&.

                                                                                                                                        C:\Program Files\NetSpot\is-NNF2R.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):95936
                                                                                                                                        Entropy (8bit):6.183235631950533
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:1536:Bik/wSVM+OfIUdM6JOqBX9y0Bw4hgMKWHRD07XfgeEaR+JxN:Bikw5fLM61X9y4LgMKWNIR+1
                                                                                                                                        MD5:3963D31541913BC800F0B213B32671FC
                                                                                                                                        SHA1:76DDF0A0CBE75C475D000FD86A25900A720CBA88
                                                                                                                                        SHA-256:48A86A9037B19ECC05BC4F1270C9EB5C4B2209D549E0E44B6D132B7262F00022
                                                                                                                                        SHA-512:37367CB322315083F8D41A2A4F9993DA168FE2A4AE8BBCD5BA917914ED5690D0FA41B734EB42003FE14258FF1566A68D454632A8EFB5E0F014E003AF372A309A
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..@...........^... ...`....... ....................................`..................................^..O....`..L............J...,...........]..T............................................ ............... ..H............text....?... ...@.................. ..`.rsrc...L....`.......B..............@..@.reloc...............H..............@..B.................^......H...............................,]........................................{H...*"..}H...*:.(#.....(....*Z..j}J....(#.....}I...*...j}J....(#.....}I.....}J....{J....j1..($...*..{K...-'.{I...(%....{J....j1..{J...(&.....}K...*...0............o.......(.....*...................:..o.....('...*>..((.....}L...*"..((...*..{N...*.0..:........(#...()....o*......i.X(+.........i(,......i.(-.....}N...*n.{M...-..(....(%.....}M...*...0............o.......(.....*...................:..o.....('.

                                                                                                                                        C:\Program Files\NetSpot\is-O8J9C.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):503488
                                                                                                                                        Entropy (8bit):5.443413703792705
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12288:ZCtxgrB3ye+iKzORFNgeA+imQ9pRFZNIEJdIElxPrEIgcvLcglxMwCepM1STUP3u:hecQ
                                                                                                                                        MD5:771F93F95A675BE5E18764EBD03FAAD3
                                                                                                                                        SHA1:EFC18C566FA2ECFCE34842065AFF94E9A2AF65C6
                                                                                                                                        SHA-256:9E4CD6FC41D39B8D8AC3BC9E6C3831F5CE889B02D67D15B6B131C49F9B4931BC
                                                                                                                                        SHA-512:0D8A936A0CA75A4C20C205192DDF303E4C2282644578A18753554E6B71BA9CD04285138CAC0829060D9983D2C727D14D8532E327379CB2148A03B6186E12100D
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....@e.........." ..0..z.............. ........... ....................................`.....................................O........................,..........T................................................ ............... ..H............text....y... ...z.................. ..`.rsrc................|..............@..@.reloc..............................@..B........................H.......................................................................0..G.........()...}<......}>......}?......}=......};.....|<.....(...+..|<...(+...*..0..I..........(!....o.....8..o,... .@..3.r...p.s-...z.z..o,... ....3.r}..p.s-...z.z*........................,.......0../........{....- ..{....t....}.......r...p.s....z.{....*................."..}....*....0../........{....- ..{....t....}.......ry..p.s....z.{....*................."..}....*....0../........{....- ..{....t....

                                                                                                                                        C:\Program Files\NetSpot\is-OQL12.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):213184
                                                                                                                                        Entropy (8bit):6.029136266504707
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:5WKxjB7ckkZfM9xFR42GhjKEu9gU+O8FM51t5Lsff9XAcLmGXZiSS8GF1fK3LjEu:9RQZMJNIWXgUn1LLsxAnYZaaPW+r
                                                                                                                                        MD5:20AE959144C1617CA06522162BD5B2DE
                                                                                                                                        SHA1:654427C860D59C787FC4A51EE2E2964635B264C9
                                                                                                                                        SHA-256:1F42A24C33D0CDF2347F0105D35278FE9D713C6E7AC5BFB3AC97C77571D58D62
                                                                                                                                        SHA-512:5118ED89C8B3D8165FD32B0DD5B6BFC58B678FA978824B5CCFD79676818A7A7184C01816731292F48B02B2B6E8E9C8238081A2F7F4D47CD96DF0BFAD73567450
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............6+... ...@....... ....................................`..................................*..O....@...................,...`......,*..8............................................ ............... ..H............text...<.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H..............................)......................................:.(......}....*..0..A..............9.....9....8.....o.....Y.s..........%.X...%.X.o.......o..../...o....(........(........s.......o.....Y.s..........%.X...%.X.o.......o..../...o....(........(........s.........o....(....,%...o....(....,.....(....,.....(....-......{....(....+.....(......-...o..../...o....?.....-$.o.....o....Y.+.....(........(....Y..*v.-.~......o....*~......o....*^.s..........s.........*..0..

                                                                                                                                        C:\Program Files\NetSpot\is-PLA7C.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):463552
                                                                                                                                        Entropy (8bit):7.198266681488947
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12288:bSUgXUnIJcP095xAVdPwx2y85xtAVdPwx3yeZC:bSUkUnIJcPphwd1hwoeZC
                                                                                                                                        MD5:5D11AE8FEF71CFFF200D1A28CAAB6BFC
                                                                                                                                        SHA1:C9601069312A8FE7AF17F21149B9950438BDCB98
                                                                                                                                        SHA-256:6E53EC39FBF8FCA637C1516D787133AF0436C9FE0F2C8EDBF467B6068C67692E
                                                                                                                                        SHA-512:7EA16FC73651D22D73EA570007B52185B14DF8910426A77A1FCF3AD4DFFACF3506FE57156377C744BC23700A009D42D646A4211BDC0D401CB0D28510B58AC21F
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...G............."...0..D...........c... ........@.. .......................@............`.................................Yc..O.......T................,... .......b..8............................................ ............... ..H............text....C... ...D.................. ..`.rsrc...T............F..............@..@.reloc....... ......................@..B.................c......H........|..............DA... ..<b.......................................0..D........(......}....(....o....9!...(....(....(....(....( .....x...%....!...s"....%....#...s"....%....$...s"....%....%...s"....%........s"....o&....('...}.....{.....o(....{....o)....{.....r...p(*...(+...o,....{.....r+..p......%.rk..p.%.(-...o.....%.r...p.%.(/....(0...o,....{....(1...~...........s2...o3...........s4...(5...*.(6...*.0............(7...(....o....9....(....o8...-C(9....r...p(:...(:...o;...

                                                                                                                                        C:\Program Files\NetSpot\is-R0J2V.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):21184
                                                                                                                                        Entropy (8bit):6.734286901929472
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:384:URztVqrrT4350+pwKNs+kYAM+o/8E9VF0NycY4PMr:URz707+DAMxkE6LPU
                                                                                                                                        MD5:406D01A814E845A3B5ABC94931A1CA14
                                                                                                                                        SHA1:C55C0507A16B0CA7BFD323C05CC8BF64C6AE9D72
                                                                                                                                        SHA-256:FDFD4A7CBF9811810BA1F8BBE745BCD674275C06528808AB4008C0F2717FE185
                                                                                                                                        SHA-512:E3F898E86F5496C8334933924AA68050E1827F81139E6FB695BFD9407529BA680D605C3ED7D4822262C44605AD1963C35165406875D8B615771E1BA6D8C8E1D0
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..............;... ...@....... ...............................r....`.................................w;..O....@..L............&...,...`.......:..8............................................ ............... ..H............text........ ...................... ..`.rsrc...L....@......................@..@.reloc.......`.......$..............@..B.................;......H.......l(...................... :......................................f.{....,..{....o.......*.*V.(......}......}....*n.{....,..{....o......}....*.0..f...........(......(.......r...p(......(....(...+r...p..o....,..o.....+.~.........{....%-.&+...o....r...p....*..........HH.......0...........-.rM..p..s....z.-.rW..p.......s....z.#.......?(....(....,.ra..p.......s....z..-.rs..p...s....z.....(......(.......r...p(....r...p..(....(......(...+r...p..o....,..u.....s....z........%.r.

                                                                                                                                        C:\Program Files\NetSpot\is-S0F5R.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):421568
                                                                                                                                        Entropy (8bit):6.116107069419712
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12288:E5douWvsWkOfjL/MEd6/7vfA8SCW1nFNFfcaFeFOFwcGF6cmFWc0FWc8cIcKcUFk:EpjblhW12T
                                                                                                                                        MD5:3B35A94274BEEB1B87406ECBD09B1F5A
                                                                                                                                        SHA1:E1F0332812B7E5BDEF70B8E088B85743071E3B42
                                                                                                                                        SHA-256:5B2F115110208AFC1FADA50C90BBEB468691C36FEA411BDF5E3B13BBCDF8DEAA
                                                                                                                                        SHA-512:0CD9DFC1B13F59A1C2C25C6694133E67E81D84AD77F9CC5BB9C6CECADA3FE124EAC7D239D7CFD7A8605A5D1D92D32E95CBC5EC603A6675D3607799EEA1F4B8E0
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....d.........." ..0..8...........T... ...`....... ...............................K....`..................................T..O....`..p............B...,..........XS............................................... ............... ..H............text... 6... ...8.................. ..`.rsrc...p....`.......:..............@..@.reloc...............@..............@..B.................T......H........X..\V.................R......................................:.(;.....}....*..{....*:.(;.....}....*..{....*...0...........~<...}.....r...p}........(.....(.....(.....r)..p.(........(u.....~<...(=...,z.....s....}.......}.......}............{............%......(>....%...D....%...!....%...%.........%....%.........s....(B...*vra..p.(....,...}....*..}....*..{....*vr...p.(....,...}....*..}....*..{....*z.{....,......(>...o?...s@...z*.0..(........{....-..(......o....&....(j

                                                                                                                                        C:\Program Files\NetSpot\is-SEC79.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):23232
                                                                                                                                        Entropy (8bit):6.7286820220060966
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:384:HrMdp9yXOfPfAxR5zwWvYW8aPpwKNs+mzgAM+o/8E9VF0Ny8+:HrMcXP6N+MgAMxkE5
                                                                                                                                        MD5:BDA4F42C08756FD768ADBC64A42D42BF
                                                                                                                                        SHA1:8EFA0D581DC5F0C414E5F59C99A8B21B9B6D8586
                                                                                                                                        SHA-256:15A26CFE3B29E95C6EA82180A776855246BA7943CC8EDA92027E55B042BA4767
                                                                                                                                        SHA-512:48B2480FB79852D885D2FEB12C00F4141E49DEB1771DDB141582100C9A5367C297516DE200F2B62C4FDA037DCB06B79C892108AECA9C5F2E94511B5510E58D8B
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0..$..........BC... ...`....... ...................................@..................................B..O....`..@................,...........A............................................... ............... ..H............text...H#... ...$.................. ..`.rsrc...@....`.......&..............@..@.reloc...............,..............@..B................$C......H........'...............?..X...8A......................................j~....%-.&(....s....%.....*..*...0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*.~....*2r...p.(....*B.....(.........*R.....(...+%-.&(!...*^.....("....(...+&~....*.s$...*"..s%...*..(&...*.*....0......................

                                                                                                                                        C:\Program Files\NetSpot\is-T7BIU.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):117440
                                                                                                                                        Entropy (8bit):6.144301944790689
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:mfBa6TWUNuRhicznzcSZRazyDG43vjyMcnFlizn+e:7UNuZjAI+mvuMX+e
                                                                                                                                        MD5:406AE2EC01F5C8D9A497A93CE899B6D1
                                                                                                                                        SHA1:AC788C740A3D50323B9C370A8781E7A9418C25C3
                                                                                                                                        SHA-256:A62F9A9AA01EC1F7FE207EA53A5F065C2925910C54FA084485763C1E46A84711
                                                                                                                                        SHA-512:6D136EB03D6911F2432D61558B771A56AD32B3B88BFBF08F8408436A8D0A086C8017DA22D73A830A66070559142FF8538A02316A006E7E709489EA2440F02C66
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...%.WL...........!................n.... ........@.. ....................................@.....................................S.......h................,..........`................................................ ............... ..H............text...t.... ...................... ..`.rsrc...h...........................@..@.reloc..............................@..B................P.......H........................r...!..P ......................................N......@...&. K...Z......_.......7....L4.5.m..a......eJ.iM..t8...A..yST#^Es..x.z{Z......j.\......o...?+"0t.!|.......]-.3.:.(......}....*..0...........{......E........t...Z...+r..}......{....{....o....}......}....+9..{....o....t(...}......{....s....}......}.......%..}.....{....o....-..(.........(......*....................{....*.s....z..0.."........{.......YE............*...(.....*..................

                                                                                                                                        C:\Program Files\NetSpot\is-TEQCU.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):143552
                                                                                                                                        Entropy (8bit):6.178173534332629
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:KUGrszKKLBFa9DvrJGeesIf3afNs2AldfIO+RZy:9BFd3/aFs2s+RI
                                                                                                                                        MD5:413409FB1CFFA5E7DB28FDA1A9236952
                                                                                                                                        SHA1:E7A100E2D0FAB05770C8876A8699DC48FAF7B128
                                                                                                                                        SHA-256:D31D1A7799CF078202226314444FE1FD63360B58C58AC415B28B76A4A6B32573
                                                                                                                                        SHA-512:61E1A1EAE5D9C032898A55721654F65F6E6BC7EF2B69D17BEE428BC1926EE12FC76DDF258A8B62B597DE960D35196426F0A6FA8DF510EFC266B64EF7F06CB1A6
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0.................. ... ....... .......................`.......?....@.................................X...O.... ..0................,...@...... ................................................ ............... ..H............text........ ...................... ..`.rsrc...0.... ......................@..@.reloc.......@......................@..B........................H........,................................................................('...*>..}......}....*..{....*..{....*..{.....{....3..{.....{....((...*.*..0...........%.u....,..........(....*.*z.{....%-.&.+.o)....{....(a...*..(....zN........o*...s+...*.(....z.s,...*..(....zF(U....(O...s-...*.(....z.(V...s-...*.(....z.s....*.(....z.s/...*..(....zN........o*...s0...*.(....zrr...p(\....c.K...(O...s1...*.(....zBr...p(Y...s1...*.(....z.s2...*.(....z.(X...s3...*.(!...z.(_...s3...*.(#...z

                                                                                                                                        C:\Program Files\NetSpot\is-U2GGI.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):19136
                                                                                                                                        Entropy (8bit):6.766582192844977
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:384:Fab8qy+Cqy+gjqy+fqy+g3ipwKNs+EP93AM+o/8E9VF0Nyzhx:Fk8qyRqyVjqyAqyx3+q3AMxkEXx
                                                                                                                                        MD5:3806DD6191DDFA52BE38A2E24EE1553D
                                                                                                                                        SHA1:6A08F301112873E5039630EF618B3ECEBF04E1F6
                                                                                                                                        SHA-256:21B098C0D71D552BA0FC22E0E7E76383B0FA2C9248C296ACED744FF09914698D
                                                                                                                                        SHA-512:5D8D9CD398AA22DBD4CF772D96836D14CCA57C0013A4EE01A027F7D2AC3D765F5EA26DF539258BD1C703DA0CD83D0B055CE42629E9E5943DE5107D6E367C6538
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...1............" ..0..............3... ...@....... ..............................XX....`.................................M3..O....@..(................,...`......|2..8............................................ ............... ..H............text........ ...................... ..`.rsrc...(....@......................@..@.reloc.......`......................@..B.................3......H........$.......................1......................................B.{....%-.&~....*....0..b........(......}.....~....}....r...p(.......r...p.s....z...(......(....(........(....rS..p.s....z.(.....*...(.......$........2..G........2.(Z.......0............(.......(.....*...................:..(.....(....*..{....-!.,...}....(....r...p(....&..}....*...0..2........{....,.r...ps....z.(........r...p.s....z.(......*.......................).......0..9........{....,.r...ps....z...(.

                                                                                                                                        C:\Program Files\NetSpot\is-V7Q4A.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):50880
                                                                                                                                        Entropy (8bit):6.269476648862555
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:768:Xbg+pHH9VDgBN0cyzFnQWMJpMsR3Rf8sNJG+DgAMxkEj:so40x5yJmsRKsNJG+Duxn
                                                                                                                                        MD5:5D4A784B1151F073301874AEBFB3D5DD
                                                                                                                                        SHA1:1A448375FBA97616562954ACE158A6C1B7ACF57B
                                                                                                                                        SHA-256:8BD4E11D3141377CA835518C45440380285890195FE2C85D1D73FF4159A204E6
                                                                                                                                        SHA-512:2A626D769381D5C34E5892093CBCF23DF5EFA5677458F5090576304039D773D95BB3125F651CD08658081751E2226E8F6E7980CAD9067C71117D42405444A3B7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....]............" ..0.................. ........... ....................................`.....................................O........................,..............8............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H.......@V..4X..................t.........................................{....*..{....*..{....*..{....*..{....*..{....*..{....*..{....*..{....*..{....*..{....*..{....*..{ ...*..{!...*..{$...*..{%...*..{&...*r.{&........}&....r...p(....*..{'...*r.{'........}'....r...p(....*..{(...*..{(....(....,...}(....r-..p(....*..{)...*..{)....(....,...})....r9..p(....*...0...........(......}......}......}......}.....~....}......}......}......(....}.....#........}.....#........}......(....

                                                                                                                                        C:\Program Files\NetSpot\it\NetSpot.Base.resources.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):19648
                                                                                                                                        Entropy (8bit):6.841375498357664
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:384:N8RiW376bon0jpwKNs+R5mYKAM+o/8E9VF0Ny0ssm:eJ76sn0Q+gAMxkEV
                                                                                                                                        MD5:15C81339494AA64A8516908D0834CFE4
                                                                                                                                        SHA1:406F59300648ABC4D01837752D85D59F3C8FCBDF
                                                                                                                                        SHA-256:38E3E17ED2147F2F18C4AF0F61E42713BA224D44808AC91D593FF066C0CA692F
                                                                                                                                        SHA-512:CF584771FCBB64A46484E605A717AF2D8CF3F35E1F1275831C2E59F44864BCB5EF0CEFBD19E25BF910FF4A0F446E19C4578540125B6E3E5BA8B43EBA5BE2D3E7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...W~.e...........!.................7... ...@....... ....................................@..................................6..W....@............... ...,...`....................................................... ............... ..H............text...$.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................7......H.......D3............... ..t...P ..........................................7(n...h!...m..#...URP.. .1...y...Q...i[y...5.W.t.....;.......v.}........^C..Q..W.e.w...H..h.?4w.<..0.M....`....e.Rp..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....(.......PADPADPpq(..QR.9F^.z>.....P....0..%........?9'....d.,.Y.[.,...).....C..$".....]}..F..'...(,(#08H.1C.o9

                                                                                                                                        C:\Program Files\NetSpot\it\is-S2EDF.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):19648
                                                                                                                                        Entropy (8bit):6.841375498357664
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:384:N8RiW376bon0jpwKNs+R5mYKAM+o/8E9VF0Ny0ssm:eJ76sn0Q+gAMxkEV
                                                                                                                                        MD5:15C81339494AA64A8516908D0834CFE4
                                                                                                                                        SHA1:406F59300648ABC4D01837752D85D59F3C8FCBDF
                                                                                                                                        SHA-256:38E3E17ED2147F2F18C4AF0F61E42713BA224D44808AC91D593FF066C0CA692F
                                                                                                                                        SHA-512:CF584771FCBB64A46484E605A717AF2D8CF3F35E1F1275831C2E59F44864BCB5EF0CEFBD19E25BF910FF4A0F446E19C4578540125B6E3E5BA8B43EBA5BE2D3E7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...W~.e...........!.................7... ...@....... ....................................@..................................6..W....@............... ...,...`....................................................... ............... ..H............text...$.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................7......H.......D3............... ..t...P ..........................................7(n...h!...m..#...URP.. .1...y...Q...i[y...5.W.t.....;.......v.}........^C..Q..W.e.w...H..h.?4w.<..0.M....`....e.Rp..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....(.......PADPADPpq(..QR.9F^.z>.....P....0..%........?9'....d.,.Y.[.,...).....C..$".....]}..F..'...(,(#08H.1C.o9

                                                                                                                                        C:\Program Files\NetSpot\ja\NetSpot.Base.resources.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):132288
                                                                                                                                        Entropy (8bit):5.911505919807469
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:7yUHjAd6D5T/a0E3Oz9neJa2/mc3G1o+AZ:mmH2/V+AZ
                                                                                                                                        MD5:09C887F0ED9B56226AE400AF223E8128
                                                                                                                                        SHA1:053503D13E24E884B1DFDE1AA5A1BA4CF275FB23
                                                                                                                                        SHA-256:19E897CCC496337DE3E3C4B0507293E329D0D6BE60793D53A513109B2BD0B291
                                                                                                                                        SHA-512:1DAAD34DFA12430CF7A0A1AD2909190DB8D138AD4F99C0E8E6AC85A5C4776250BEA4414D38A6003DFBC4BDB5C05966D5437CF0A612CBACE7164BFF24558E8463
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...W~.e...........!..................... ........... .......................@.......F....@.................................`...K........................,... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H........................ ......P ........................................e.h.t....QG'..:>?.N8G.+..Y@...d....&8.;7...[2A8g....!X,...:..;."..9W..:bgK.u....0....;~4..W.....o.J.....4*...i...9.PH..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.@........W.....b.......V..........-...93.(.5...q....E8...t........y.P....W=...o..x...MV.M...

                                                                                                                                        C:\Program Files\NetSpot\ja\is-6CS50.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):132288
                                                                                                                                        Entropy (8bit):5.911505919807469
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:7yUHjAd6D5T/a0E3Oz9neJa2/mc3G1o+AZ:mmH2/V+AZ
                                                                                                                                        MD5:09C887F0ED9B56226AE400AF223E8128
                                                                                                                                        SHA1:053503D13E24E884B1DFDE1AA5A1BA4CF275FB23
                                                                                                                                        SHA-256:19E897CCC496337DE3E3C4B0507293E329D0D6BE60793D53A513109B2BD0B291
                                                                                                                                        SHA-512:1DAAD34DFA12430CF7A0A1AD2909190DB8D138AD4F99C0E8E6AC85A5C4776250BEA4414D38A6003DFBC4BDB5C05966D5437CF0A612CBACE7164BFF24558E8463
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...W~.e...........!..................... ........... .......................@.......F....@.................................`...K........................,... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H........................ ......P ........................................e.h.t....QG'..:>?.N8G.+..Y@...d....&8.;7...[2A8g....!X,...:..;."..9W..:bgK.u....0....;~4..W.....o.J.....4*...i...9.PH..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.@........W.....b.......V..........-...93.(.5...q....E8...t........y.P....W=...o..x...MV.M...

                                                                                                                                        C:\Program Files\NetSpot\pt\NetSpot.Base.resources.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):125120
                                                                                                                                        Entropy (8bit):5.557102842525515
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:dFyijsKuoXp6g6sewWjpVHxbv3fvg4W+QE:d4MxQPfvs+QE
                                                                                                                                        MD5:901CCD8FB3D9D974FA53B1957FA07D6E
                                                                                                                                        SHA1:FFC243ED5DC2E3ED58FA10BA1B70432D6E6DEE91
                                                                                                                                        SHA-256:FDFF149028EF2E927DD46B1A250D395DE85F43BA9BA5DE253679955A25BBCF7A
                                                                                                                                        SHA-512:63362E18EAB228614CD71294D80B6FBE39E168A4F43FB60371163B80E1A37EB82D77F234F65E46045F9839E69C7DFC386F6B847D2F1C1AB82ABC4A7859CAFCEF
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...W~.e...........!................n.... ........... ....................... ......0.....@................................. ...K........................,........................................................... ............... ..H............text...t.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................P.......H.......d................ ......P .........................................th.........]#..=.H.F.K.......)..Z..EO..F.Qf}.tS.k.....~...C6...'.W...R.Q...l..]...k..NQ.|..@.H.}..'.........B...<.0..b................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.@........W.....b.......V..........-...93.(.5...q....E8...t........y.P....W=...o..x...MV.M...

                                                                                                                                        C:\Program Files\NetSpot\pt\is-KTD9U.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):125120
                                                                                                                                        Entropy (8bit):5.557102842525515
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:dFyijsKuoXp6g6sewWjpVHxbv3fvg4W+QE:d4MxQPfvs+QE
                                                                                                                                        MD5:901CCD8FB3D9D974FA53B1957FA07D6E
                                                                                                                                        SHA1:FFC243ED5DC2E3ED58FA10BA1B70432D6E6DEE91
                                                                                                                                        SHA-256:FDFF149028EF2E927DD46B1A250D395DE85F43BA9BA5DE253679955A25BBCF7A
                                                                                                                                        SHA-512:63362E18EAB228614CD71294D80B6FBE39E168A4F43FB60371163B80E1A37EB82D77F234F65E46045F9839E69C7DFC386F6B847D2F1C1AB82ABC4A7859CAFCEF
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...W~.e...........!................n.... ........... ....................... ......0.....@................................. ...K........................,........................................................... ............... ..H............text...t.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................P.......H.......d................ ......P .........................................th.........]#..=.H.F.K.......)..Z..EO..F.Qf}.tS.k.....~...C6...'.W...R.Q...l..]...k..NQ.|..@.H.}..'.........B...<.0..b................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.@........W.....b.......V..........-...93.(.5...q....E8...t........y.P....W=...o..x...MV.M...

                                                                                                                                        C:\Program Files\NetSpot\ru\NetSpot.Base.resources.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):19648
                                                                                                                                        Entropy (8bit):6.8391134338119555
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:384:I8RiW376boLUnGjpwKNs+s6yAM+o/8E9VF0Nymdll:3J76sLMGQ+WAMxkESll
                                                                                                                                        MD5:FF95C8643A53680F671B29EF6C01EFA1
                                                                                                                                        SHA1:98BBAB0256C24887F93293CA25F2DEB6BCB0FB47
                                                                                                                                        SHA-256:6A2158AACEBAAB7E636FE1771B39E015014C4E5AB9F51E883328BD156C151CA1
                                                                                                                                        SHA-512:CD1365CE480B4AEE005603E30A1B71FC9B66FC0E4339722EF16DCC11F0C0E7B751F03EAA06271CFBE9455C44B5524586E34B23776A739F4DFF1BC01A390B7B83
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...W~.e...........!.................7... ...@....... ....................................@..................................6..W....@............... ...,...`....................................................... ............... ..H............text...$.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................7......H.......D3............... ..t...P .......................................W<..-a..!.7.......)......C.+.k)...dR1x...em...5.O+25A.H.W.G.eT..I-.S.h.....K.z.c.../.....n'.O.k..E.....>.$...4$m.$....Vc.p..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....(.......PADPADPpq(..QR.9F^.z>.....P....0..%........?9'....d.,.Y.[.,...).....C..$".....]}..F..'...(,(#08H.1C.o9

                                                                                                                                        C:\Program Files\NetSpot\ru\is-JL9ET.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):19648
                                                                                                                                        Entropy (8bit):6.8391134338119555
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:384:I8RiW376boLUnGjpwKNs+s6yAM+o/8E9VF0Nymdll:3J76sLMGQ+WAMxkESll
                                                                                                                                        MD5:FF95C8643A53680F671B29EF6C01EFA1
                                                                                                                                        SHA1:98BBAB0256C24887F93293CA25F2DEB6BCB0FB47
                                                                                                                                        SHA-256:6A2158AACEBAAB7E636FE1771B39E015014C4E5AB9F51E883328BD156C151CA1
                                                                                                                                        SHA-512:CD1365CE480B4AEE005603E30A1B71FC9B66FC0E4339722EF16DCC11F0C0E7B751F03EAA06271CFBE9455C44B5524586E34B23776A739F4DFF1BC01A390B7B83
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...W~.e...........!.................7... ...@....... ....................................@..................................6..W....@............... ...,...`....................................................... ............... ..H............text...$.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................7......H.......D3............... ..t...P .......................................W<..-a..!.7.......)......C.+.k)...dR1x...em...5.O+25A.H.W.G.eT..I-.S.h.....K.z.c.../.....n'.O.k..E.....>.$...4$m.$....Vc.p..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....(.......PADPADPpq(..QR.9F^.z>.....P....0..%........?9'....d.,.Y.[.,...).....C..$".....]}..F..'...(,(#08H.1C.o9

                                                                                                                                        C:\Program Files\NetSpot\runtimes\win-arm64\native\WebView2Loader.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32+ executable (DLL) (console) Aarch64, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):138944
                                                                                                                                        Entropy (8bit):6.078786820001685
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:1536:9VMcQjNRhcdP5myyqH1LeBMtH+IpKiArGBUsWhd/TcwWEUEtCqCiAwpGf+ix5V:/MHed4/qCoH7e+y/TiEUEtCqCiAwsf+Y
                                                                                                                                        MD5:546137C6C307F25EC4995C42E1B81256
                                                                                                                                        SHA1:6C3036BC36BEDB2E1C6142D46A4E5BEC62C6EDF2
                                                                                                                                        SHA-256:3F6CF33900E9F7718ABFD6CBF12EDA4E72BF5F8D481D9ABF768543BBCB5DFA68
                                                                                                                                        SHA-512:15A501A1F42EE6E950FD3ACFA1024F02CDF2354DBDC6D721E1BF2773D5E7A216CA4FA67334479A851D05F5E84C127B903E6F62AA26E35726449EF5164EA766F9
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...vS@e.........." .....0...........W.......................................P............`A...................................................(....0...................,...@......l...8.......................(... A..@...............h...x...`....................text..../.......0.................. ..`.rdata.......@.......4..............@..@.data...............................@....pdata..............................@..@.00cfg.. ...........................@..@.tls......... ......................@....rsrc........0......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Program Files\NetSpot\runtimes\win-arm64\native\is-UGST8.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32+ executable (DLL) (console) Aarch64, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):138944
                                                                                                                                        Entropy (8bit):6.078786820001685
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:1536:9VMcQjNRhcdP5myyqH1LeBMtH+IpKiArGBUsWhd/TcwWEUEtCqCiAwpGf+ix5V:/MHed4/qCoH7e+y/TiEUEtCqCiAwsf+Y
                                                                                                                                        MD5:546137C6C307F25EC4995C42E1B81256
                                                                                                                                        SHA1:6C3036BC36BEDB2E1C6142D46A4E5BEC62C6EDF2
                                                                                                                                        SHA-256:3F6CF33900E9F7718ABFD6CBF12EDA4E72BF5F8D481D9ABF768543BBCB5DFA68
                                                                                                                                        SHA-512:15A501A1F42EE6E950FD3ACFA1024F02CDF2354DBDC6D721E1BF2773D5E7A216CA4FA67334479A851D05F5E84C127B903E6F62AA26E35726449EF5164EA766F9
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...vS@e.........." .....0...........W.......................................P............`A...................................................(....0...................,...@......l...8.......................(... A..@...............h...x...`....................text..../.......0.................. ..`.rdata.......@.......4..............@..@.data...............................@....pdata..............................@..@.00cfg.. ...........................@..@.tls......... ......................@....rsrc........0......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Program Files\NetSpot\runtimes\win-x64\native\WebView2Loader.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):163520
                                                                                                                                        Entropy (8bit):6.216958778811869
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:0tWvF4bCEAJ1/fEyClkpOpji64PsvI8SCOT9dEt+NsgYjl+0:KWKY1/sygQi4skEtTJ+0
                                                                                                                                        MD5:7F1E00877FA248831DD63892718B90B5
                                                                                                                                        SHA1:4A61ED35FEF63B2836837FB0F09BCF3317C7EFBE
                                                                                                                                        SHA-256:C56CDE1561968AEA06C0CAD4F659E33D3B4BE1BBF92D8694B0904BC3D0F6BB77
                                                                                                                                        SHA-512:4B6B378E2E826C7A28B81A8D58C7C6BA3514A3695CBFBBD8B991556CDE0336202B1717BBA182B9375724CA441E6D51CEB3E3107996B3CEAA647022946E7B2F00
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...vS@e.........." .....N...........K..............................................w.....`A....................................................(............@.......R...,..............T.......................(....a..@...................(...`....................text....L.......N.................. ..`.rdata.......`.......R..............@..@.data........ ......................@....pdata.......@......................@..@.00cfg..8....`.......*..............@..@.gxfg........p.......,..............@..@.retplne.............>...................tls.................@..............@..._RDATA..\............B..............@..@.rsrc................D..............@..@.reloc...............J..............@..B................................................................................................................................................................................

                                                                                                                                        C:\Program Files\NetSpot\runtimes\win-x64\native\is-IIR56.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):163520
                                                                                                                                        Entropy (8bit):6.216958778811869
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:0tWvF4bCEAJ1/fEyClkpOpji64PsvI8SCOT9dEt+NsgYjl+0:KWKY1/sygQi4skEtTJ+0
                                                                                                                                        MD5:7F1E00877FA248831DD63892718B90B5
                                                                                                                                        SHA1:4A61ED35FEF63B2836837FB0F09BCF3317C7EFBE
                                                                                                                                        SHA-256:C56CDE1561968AEA06C0CAD4F659E33D3B4BE1BBF92D8694B0904BC3D0F6BB77
                                                                                                                                        SHA-512:4B6B378E2E826C7A28B81A8D58C7C6BA3514A3695CBFBBD8B991556CDE0336202B1717BBA182B9375724CA441E6D51CEB3E3107996B3CEAA647022946E7B2F00
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...vS@e.........." .....N...........K..............................................w.....`A....................................................(............@.......R...,..............T.......................(....a..@...................(...`....................text....L.......N.................. ..`.rdata.......`.......R..............@..@.data........ ......................@....pdata.......@......................@..@.00cfg..8....`.......*..............@..@.gxfg........p.......,..............@..@.retplne.............>...................tls.................@..............@..._RDATA..\............B..............@..@.rsrc................D..............@..@.reloc...............J..............@..B................................................................................................................................................................................

                                                                                                                                        C:\Program Files\NetSpot\runtimes\win-x86\native\WebView2Loader.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):118464
                                                                                                                                        Entropy (8bit):6.525345249801986
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:+ny/h/lA9t2JqgDyBGFHyklk3QKHS8TXoEtpAlyh0uo+iL:z/lct2JFkxk9Etiwzo+iL
                                                                                                                                        MD5:27CD42C5365CDC6FDE24835781AF9ED0
                                                                                                                                        SHA1:9FF49013B5D8B461915F4F6DC898D5E242CFBA4A
                                                                                                                                        SHA-256:C36EFF8A620AF46B8DFE937C690EA12E06698E348AD86180627B52F1E9901863
                                                                                                                                        SHA-512:820C52225D103761B335C80A7C657292BB12F0EAEBCE81BD300213A8CDFC844303A562E8F4C6027AB7F74C14BD328BBD9FEE978534C7474D44E665F723F6C1E2
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...vS@e.........."!................PD..............................................;.....@A.........................u.......v..(........................,...........n..8....................l......`............... x..<...lt..`....................text............................... ..`.rdata...u.......v..................@..@.data...,............z..............@....00cfg..............................@..@.tls................................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Program Files\NetSpot\runtimes\win-x86\native\is-D9116.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):118464
                                                                                                                                        Entropy (8bit):6.525345249801986
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:+ny/h/lA9t2JqgDyBGFHyklk3QKHS8TXoEtpAlyh0uo+iL:z/lct2JFkxk9Etiwzo+iL
                                                                                                                                        MD5:27CD42C5365CDC6FDE24835781AF9ED0
                                                                                                                                        SHA1:9FF49013B5D8B461915F4F6DC898D5E242CFBA4A
                                                                                                                                        SHA-256:C36EFF8A620AF46B8DFE937C690EA12E06698E348AD86180627B52F1E9901863
                                                                                                                                        SHA-512:820C52225D103761B335C80A7C657292BB12F0EAEBCE81BD300213A8CDFC844303A562E8F4C6027AB7F74C14BD328BBD9FEE978534C7474D44E665F723F6C1E2
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...vS@e.........."!................PD..............................................;.....@A.........................u.......v..(........................,...........n..8....................l......`............... x..<...lt..`....................text............................... ..`.rdata...u.......v..................@..@.data...,............z..............@....00cfg..............................@..@.tls................................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Program Files\NetSpot\unins000.dat

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:InnoSetup Log 64-bit NetSpot, version 0x418, 55272 bytes, 562258\37\user\376, C:\Program Files\NetSpot\376\377\377\007
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):55272
                                                                                                                                        Entropy (8bit):4.010809354303477
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:384:o7U6L0PId6R8O8WutBiM8yOcBw3/7aUj72ogub3bvSYVtY1WcWhcbPVK0MoLD1tc:o7ntBiMhBw3WU2wLfTcbY0Moc
                                                                                                                                        MD5:F3469E5B7D13933905DE3C41496C8FD3
                                                                                                                                        SHA1:95EDDF8BE945292A0F8C2B31B395549A91463387
                                                                                                                                        SHA-256:9017C544D3BA3F0B77F6F9F279AF7409545FD67CEE21525C0BF2FAB67DFB4426
                                                                                                                                        SHA-512:31D2941BC74D316329CD1DD44DC4F97294CC346E138F9F629248EDFA00250766B00E43D5CDFD9FF29001D26D43BF1EB854DEA7F85F70C2EDC091536D894928BE
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:Inno Setup Uninstall Log (b) 64-bit.............................NetSpot.........................................................................................................................NetSpot.............................................................................................................................o.........................................................................................................................7........V.{.......k........5.6.2.2.5.8......j.o.n.e.s......C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.N.e.t.S.p.o.t..................0.... .....h.... d..IFPS....+...O....................................................................................................ANYMETHOD.....................................................................BOOLEAN..............TWIZARDFORM....TWIZARDFORM.........TMAINFORM....TMAINFORM.........TUNINSTALLPROGRESSFORM....TUNINSTALLPROGRESSFORM..........................................!............TDOWNLOADWIZARDPAGE....TDOW

                                                                                                                                        C:\Program Files\NetSpot\unins000.exe (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):3268288
                                                                                                                                        Entropy (8bit):6.42437824613569
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:49152:UEA9P+bz2cHPcUb6HSb4SOEMkBeH7nQckO6bAGx7jXTVsNK33389:E92bz2Eb6pd7B6bAGx7GY333K
                                                                                                                                        MD5:2498951C33DB1793078FDA96E0A95FEB
                                                                                                                                        SHA1:229B894BA2BE8EFC3D84438DE4ED23D3C9FCFC22
                                                                                                                                        SHA-256:5FA2FF5EDA3E98B26D0C84C4FD11F255FA07E97B5A9BBD046BFEF70854B0E3DF
                                                                                                                                        SHA-512:342F778D82DC3143A56897A6CC4B6AB652D328B51F6F387DDA7823E521B553C73626F0D82EE8B8F1C2CA512A188D03846652952A4EB97FFD49D759805EE4132E
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...(..`.................:,..t......`F,......P,...@...........................2.......2...@......@....................-......p-.29....-.h.............1..,....................................-......................y-.......-......................text.....,.......,................. ..`.itext...(... ,..*....,............. ..`.data........P,......>,.............@....bss.....y....,..........................idata..29...p-..:....,.............@....didata.......-.......-.............@....edata........-.......-.............@..@.tls....L.....-..........................rdata..].....-.......-.............@..@.rsrc...h.....-.......-.............@..@..............1.......0.............@..@........................................................

                                                                                                                                        C:\Program Files\NetSpot\unins000.msg

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:InnoSetup messages, version 6.0.0, 261 messages (UTF-16), Cancel installation
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):24097
                                                                                                                                        Entropy (8bit):3.2749730459064845
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:b1EjNSCkf3SCqsTr6CCPanAG1tznL7VF+Iqfc51U5YQDztXfbKJG/Bfvo:b1EK6CHr6fSX+7Q1U5YQDztB/B3o
                                                                                                                                        MD5:313D0CC5D1A64D2565E35937991775A6
                                                                                                                                        SHA1:B8ACB11878C485865C9E4679248E53B83A8F3AD4
                                                                                                                                        SHA-256:5ED0233C0922E9F20307315E24B4F33C3D56AB9F42B2F75AE91E7A27FD313B66
                                                                                                                                        SHA-512:7C2DB4A3A4A8DF09F8119A7BA4CA9EBFE562F0A34D431928344E21A5853931EEFBFD910DC4026C6788AC22423BBB125F2B700326D8A1D82B134E2B486C3D0684
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:Inno Setup Messages (6.0.0) (u)......................................]..+..... .C.a.n.c.e.l. .i.n.s.t.a.l.l.a.t.i.o.n...S.e.l.e.c.t. .a.c.t.i.o.n...&.I.g.n.o.r.e. .t.h.e. .e.r.r.o.r. .a.n.d. .c.o.n.t.i.n.u.e...&.T.r.y. .a.g.a.i.n...&.A.b.o.u.t. .S.e.t.u.p.........%.1. .v.e.r.s.i.o.n. .%.2.....%.3.........%.1. .h.o.m.e. .p.a.g.e.:.....%.4.....A.b.o.u.t. .S.e.t.u.p...Y.o.u. .m.u.s.t. .b.e. .l.o.g.g.e.d. .i.n. .a.s. .a.n. .a.d.m.i.n.i.s.t.r.a.t.o.r. .w.h.e.n. .i.n.s.t.a.l.l.i.n.g. .t.h.i.s. .p.r.o.g.r.a.m.....T.h.e. .f.o.l.l.o.w.i.n.g. .a.p.p.l.i.c.a.t.i.o.n.s. .a.r.e. .u.s.i.n.g. .f.i.l.e.s. .t.h.a.t. .n.e.e.d. .t.o. .b.e. .u.p.d.a.t.e.d. .b.y. .S.e.t.u.p... .I.t. .i.s. .r.e.c.o.m.m.e.n.d.e.d. .t.h.a.t. .y.o.u. .a.l.l.o.w. .S.e.t.u.p. .t.o. .a.u.t.o.m.a.t.i.c.a.l.l.y. .c.l.o.s.e. .t.h.e.s.e. .a.p.p.l.i.c.a.t.i.o.n.s.....T.h.e. .f.o.l.l.o.w.i.n.g. .a.p.p.l.i.c.a.t.i.o.n.s. .a.r.e. .u.s.i.n.g. .f.i.l.e.s. .t.h.a.t. .n.e.e.d. .t.o. .b.e. .u.p.d.a.t.e.d. .b.y. .S.e.t.u.p... .I.t. .i.s. .r.e.

                                                                                                                                        C:\Program Files\NetSpot\x64\Act.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):4203200
                                                                                                                                        Entropy (8bit):6.538057204337256
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:49152:JOjPW7rGltK1579/UKj2b6maTfn0c6IC5ERqsMywnyPqComoSBdsCXbIURR4APVG:/1LTf9HTPqesCsUjzYH5OmRn+x2L
                                                                                                                                        MD5:81933697FCC146F864206DA187AD1661
                                                                                                                                        SHA1:A7C80B15ACFA6EDD18C938C5E3FDB47C9813E27F
                                                                                                                                        SHA-256:96AF44284F985E5FF126CDEE630C1E1CC570AAAAE4BF6D544AFB4116DF6A4EB1
                                                                                                                                        SHA-512:A3633D7AA4A8B7522C6084F7A7866B69EE048C43461D3F7C7285B8FB105C48C356D4698890B329640597710FA92671F0AD3BC47D10D27BC3293D8FBD34DD7E2C
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........JAP;+/.;+/.;+/./@,./+/.Uv*.=+/./@+..+/./@*..+/./@).9+/.i^+.*+/.i^,.0+/.i^*.D*/..p,.*+/..p+.}*/./@...+/.;+...(/..^&.<+/..^/.:+/..^..:+/..^-.:+/.Rich;+/.................PE..d....<.d.........." ......+..........$.......................................@.....y.@...`.........................................P.9. ...p.9.h.....?.......=.d.....?..,....?.......6.p....................!6.(.... 6.8.............+..............................text...O.+.......+................. ..`.rdata...m....+..n....+.............@..@.data....S...0:.......:.............@....pdata..d.....=.......<.............@..@_RDATA........?.......>.............@..@.rsrc.........?.......>.............@..@.reloc........?.......>.............@..B................................................................................................................................................................

                                                                                                                                        C:\Program Files\NetSpot\x64\MuPDFWrapper.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):41116352
                                                                                                                                        Entropy (8bit):7.444296351220754
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:786432:ul9y1XYftXNlNCxdpGIpPQXRUvoMo0h3248y4kkAWOQmrqykFqN:l6NORBvoMo0vGAmykk
                                                                                                                                        MD5:40133B56B4B48A574B2705EFBE6C9388
                                                                                                                                        SHA1:FF5CA38CC03110F27BD8BFB0C55F257AA63C201E
                                                                                                                                        SHA-256:55B16FEA4E923FC54E514AB867644B1833183E4E7BDC85C60B19FBE92D1FCEC0
                                                                                                                                        SHA-512:AAA962CE06FDCECC070F38224E8EB957C9BFBD6C97D8A4ACE8BC857F02795567FCB0DA0E3AD34BB601AE51002C32760A7EBE653A7247134172A3080630DEE9CC
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......U.....{...{...{......{.....{.......{...x...{...~...{...z...{...z...{...z.Z.{...{...{.).s.i.{.).~...{.).{...{.).y...{.Rich..{.........................PE..d...b.ae.........." ...%..L..n&.......K.......................................t......\t...`..........................................su......wu.,.....s.......p......6s..,....s.0l....q.......................q.(.....q.@.............L.0............................text.....L.......L................. ..`.rdata....(...L...(...L.............@..@.data...@.....u..n....u.............@....pdata........p.......o.............@..@.rsrc.........s.......r.............@..@.reloc..0l....s..n....r.............@..B........................................................................................................................................................................................................................

                                                                                                                                        C:\Program Files\NetSpot\x64\Predictive.Interop.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):202944
                                                                                                                                        Entropy (8bit):6.454167867106149
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:5h3ZynBkGgF7WOU8eP/gbG49GCZKiMhi6WvOdq+TT:59OC/yOlGgEieyOo+TT
                                                                                                                                        MD5:D8A3C49FEC15BDF9FCDE7F8B5F61DA28
                                                                                                                                        SHA1:1539B363F037851D1526381E705213F7A696D250
                                                                                                                                        SHA-256:989E9E27ED7D9994F79563535C7304FCB9B6CC30EA4099E63E64375D662C209B
                                                                                                                                        SHA-512:EF61F5AB5409C8234BD2AE58B6A6CD50A9CA61DB46344E5D0992A91263DD07BF11BAFBEFA3267A69F99014DDEF0EC8C08EB2789C3953FDFCF231B9021707206E
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......(../l.}|l.}|l.}|x.y}y.}|x.~}`.}|x.x}..}|x.|}o.}|l.||8.}|>.y}b.}|>.~}e.}|>.x}H.}|..t}e.}|..}}m.}|...|m.}|...}m.}|Richl.}|................PE..d......c.........." ........."...............................................@...........`.........................................0.......@...(.... ...................,...0......p...p...............................8...............0............................text............................... ..`.rdata..............................@..@.data...............................@....pdata..............................@..@_RDATA..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................

                                                                                                                                        C:\Program Files\NetSpot\x64\SQLite.Interop.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):1818816
                                                                                                                                        Entropy (8bit):6.5527189591965795
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:49152:i9EeNSPwEW3cFSI4Tfm3hvbHsjAJcAMkP2:i9Nzm31PMo2
                                                                                                                                        MD5:23B6868D1E0BD113ED7E31BCC3F370A4
                                                                                                                                        SHA1:AB545D00D670A8C7019D13AD6393FAF30266BA49
                                                                                                                                        SHA-256:FDFD885C1D83312D58DFC0EEE34B9B222CC6F163465EF1383611D9A6E02BC363
                                                                                                                                        SHA-512:3B887470BE5AE9E6282118ABFD820CC638E2749EADFE5E57016120A5126E28CDA960D739AD6E61C359E8F42DFE9C6611363859A784EF692A085093AC89A8E02B
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........nN\.. ... ... .Q..... .Q...e. .Q..... ..Q#... ..Q%... ..Q$... .8..... ..].... ...!.~. .rQ(... .rQ ... .wQ.... .rQ"... .Rich.. .........................PE..d.....d.........." ................................................................4.....`.................................................P...x................!.......,...........@..p............................A...............................................text...0........................... ..`.rdata...1.......2..................@..@.data....`... ...J..................@....pdata...!......."...P..............@..@.gfids...............r..............@..@.rsrc................t..............@..@.reloc...............~..............@..B................................................................................................................................................................................

                                                                                                                                        C:\Program Files\NetSpot\x64\cygwin1.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):3550832
                                                                                                                                        Entropy (8bit):6.057484246914659
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:98304:ddNxT//MZEfTo661la4qemEQW1u4QPuvtw5s6n4RfkGgk:djxT//q64vqG
                                                                                                                                        MD5:22AF5228082ED36235EF384EC82680DD
                                                                                                                                        SHA1:0C8A0E962DAEB5D4899A7C0C89EAEC515F5DFA0C
                                                                                                                                        SHA-256:669AF02B3E850FDB6CF8A5E2731398FD12942B81736B74DA9F558C898BC2D085
                                                                                                                                        SHA-512:8FC61B7E7C5EC8B51FC645D2AC83427B20CED489D227992186A302A57EC0C871C64F8BF4BD29EBB8BA5E3DCFDCC317EE475E6F1CED1C06BDCDB770FC9737D0D4
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...;.#...*.Cd....& ..........*......h........................................`......N6....... .........................................!}..../..3..../.......'.......6..,.......~...p'..............................................................................text...............................`.P`/4.......3.......4.................. .P..data...`h... ...j..................@.`..rdata.. ............j..............@.`@.buildid5....p'......>'.............@.0@.pdata........'......@'.............@.0@.xdata.......p(.......(.............@.0@.bss....0....`).......................`..edata..!}.......~....).............@.0@.reloc...~............).............@.0B/19..... ...../.......*.............@.`..idata...3..../..4....*.............@.0./38.........../.......*.............@.0B.rsrc........./.......*.............@.0..cygheap..0.../.......................0.........

                                                                                                                                        C:\Program Files\NetSpot\x64\iperf3.exe (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):480208
                                                                                                                                        Entropy (8bit):5.505765693735103
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:6144:KHsLhhM7qPGcxtTKYLxk8gInktODp8mNNgPRvfyFJX+P:K4hM7cTF/nktODpdNgZvaFJOP
                                                                                                                                        MD5:95139F73164A85F1BC22D86F647314A1
                                                                                                                                        SHA1:4245EA0AB7E7281804420656343078F03181B5FF
                                                                                                                                        SHA-256:A1394AAE3C6FC1912753F1B58498FC4640C70A2BCEE25C0DBB99ADAE613FFD77
                                                                                                                                        SHA-512:8BDF40ED3C63467AF8E58A8946FFE90C195BD880C4715B03908CF6E91BF33FD08D8A0E8E70226E2AA89CABA8D550DBFDC32F6BF70048BDCD43490C9520D6308A
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....)YW.J..b.....'..........z................@............................................... ......................................................................'...,..........................................................\... ............................text...............................`.P`.data........ ......................@.`..rdata..`D...0...F..................@.`@.buildid5............T..............@.0@.pdata...............V..............@.0@.xdata..<............b..............@.0@.bss..................................`..idata...............l..............@.0..rsrc................z..............@.0./4..................................@..B/19.................................@..B/31......5.......6...(..............@..B/45......J.......L...^..............@..B/57......2...0...2..................@.@B/70..........p......................@..B/81.....

                                                                                                                                        C:\Program Files\NetSpot\x64\is-2KT7S.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):4203200
                                                                                                                                        Entropy (8bit):6.538057204337256
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:49152:JOjPW7rGltK1579/UKj2b6maTfn0c6IC5ERqsMywnyPqComoSBdsCXbIURR4APVG:/1LTf9HTPqesCsUjzYH5OmRn+x2L
                                                                                                                                        MD5:81933697FCC146F864206DA187AD1661
                                                                                                                                        SHA1:A7C80B15ACFA6EDD18C938C5E3FDB47C9813E27F
                                                                                                                                        SHA-256:96AF44284F985E5FF126CDEE630C1E1CC570AAAAE4BF6D544AFB4116DF6A4EB1
                                                                                                                                        SHA-512:A3633D7AA4A8B7522C6084F7A7866B69EE048C43461D3F7C7285B8FB105C48C356D4698890B329640597710FA92671F0AD3BC47D10D27BC3293D8FBD34DD7E2C
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........JAP;+/.;+/.;+/./@,./+/.Uv*.=+/./@+..+/./@*..+/./@).9+/.i^+.*+/.i^,.0+/.i^*.D*/..p,.*+/..p+.}*/./@...+/.;+...(/..^&.<+/..^/.:+/..^..:+/..^-.:+/.Rich;+/.................PE..d....<.d.........." ......+..........$.......................................@.....y.@...`.........................................P.9. ...p.9.h.....?.......=.d.....?..,....?.......6.p....................!6.(.... 6.8.............+..............................text...O.+.......+................. ..`.rdata...m....+..n....+.............@..@.data....S...0:.......:.............@....pdata..d.....=.......<.............@..@_RDATA........?.......>.............@..@.rsrc.........?.......>.............@..@.reloc........?.......>.............@..B................................................................................................................................................................

                                                                                                                                        C:\Program Files\NetSpot\x64\is-9LFKI.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):1818816
                                                                                                                                        Entropy (8bit):6.5527189591965795
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:49152:i9EeNSPwEW3cFSI4Tfm3hvbHsjAJcAMkP2:i9Nzm31PMo2
                                                                                                                                        MD5:23B6868D1E0BD113ED7E31BCC3F370A4
                                                                                                                                        SHA1:AB545D00D670A8C7019D13AD6393FAF30266BA49
                                                                                                                                        SHA-256:FDFD885C1D83312D58DFC0EEE34B9B222CC6F163465EF1383611D9A6E02BC363
                                                                                                                                        SHA-512:3B887470BE5AE9E6282118ABFD820CC638E2749EADFE5E57016120A5126E28CDA960D739AD6E61C359E8F42DFE9C6611363859A784EF692A085093AC89A8E02B
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........nN\.. ... ... .Q..... .Q...e. .Q..... ..Q#... ..Q%... ..Q$... .8..... ..].... ...!.~. .rQ(... .rQ ... .wQ.... .rQ"... .Rich.. .........................PE..d.....d.........." ................................................................4.....`.................................................P...x................!.......,...........@..p............................A...............................................text...0........................... ..`.rdata...1.......2..................@..@.data....`... ...J..................@....pdata...!......."...P..............@..@.gfids...............r..............@..@.rsrc................t..............@..@.reloc...............~..............@..B................................................................................................................................................................................

                                                                                                                                        C:\Program Files\NetSpot\x64\is-MK85Q.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):41116352
                                                                                                                                        Entropy (8bit):7.444296351220754
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:786432:ul9y1XYftXNlNCxdpGIpPQXRUvoMo0h3248y4kkAWOQmrqykFqN:l6NORBvoMo0vGAmykk
                                                                                                                                        MD5:40133B56B4B48A574B2705EFBE6C9388
                                                                                                                                        SHA1:FF5CA38CC03110F27BD8BFB0C55F257AA63C201E
                                                                                                                                        SHA-256:55B16FEA4E923FC54E514AB867644B1833183E4E7BDC85C60B19FBE92D1FCEC0
                                                                                                                                        SHA-512:AAA962CE06FDCECC070F38224E8EB957C9BFBD6C97D8A4ACE8BC857F02795567FCB0DA0E3AD34BB601AE51002C32760A7EBE653A7247134172A3080630DEE9CC
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......U.....{...{...{......{.....{.......{...x...{...~...{...z...{...z...{...z.Z.{...{...{.).s.i.{.).~...{.).{...{.).y...{.Rich..{.........................PE..d...b.ae.........." ...%..L..n&.......K.......................................t......\t...`..........................................su......wu.,.....s.......p......6s..,....s.0l....q.......................q.(.....q.@.............L.0............................text.....L.......L................. ..`.rdata....(...L...(...L.............@..@.data...@.....u..n....u.............@....pdata........p.......o.............@..@.rsrc.........s.......r.............@..@.reloc..0l....s..n....r.............@..B........................................................................................................................................................................................................................

                                                                                                                                        C:\Program Files\NetSpot\x64\is-Q4QCI.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):202944
                                                                                                                                        Entropy (8bit):6.454167867106149
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:5h3ZynBkGgF7WOU8eP/gbG49GCZKiMhi6WvOdq+TT:59OC/yOlGgEieyOo+TT
                                                                                                                                        MD5:D8A3C49FEC15BDF9FCDE7F8B5F61DA28
                                                                                                                                        SHA1:1539B363F037851D1526381E705213F7A696D250
                                                                                                                                        SHA-256:989E9E27ED7D9994F79563535C7304FCB9B6CC30EA4099E63E64375D662C209B
                                                                                                                                        SHA-512:EF61F5AB5409C8234BD2AE58B6A6CD50A9CA61DB46344E5D0992A91263DD07BF11BAFBEFA3267A69F99014DDEF0EC8C08EB2789C3953FDFCF231B9021707206E
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......(../l.}|l.}|l.}|x.y}y.}|x.~}`.}|x.x}..}|x.|}o.}|l.||8.}|>.y}b.}|>.~}e.}|>.x}H.}|..t}e.}|..}}m.}|...|m.}|...}m.}|Richl.}|................PE..d......c.........." ........."...............................................@...........`.........................................0.......@...(.... ...................,...0......p...p...............................8...............0............................text............................... ..`.rdata..............................@..@.data...............................@....pdata..............................@..@_RDATA..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................

                                                                                                                                        C:\Program Files\NetSpot\x64\is-QSS20.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):3550832
                                                                                                                                        Entropy (8bit):6.057484246914659
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:98304:ddNxT//MZEfTo661la4qemEQW1u4QPuvtw5s6n4RfkGgk:djxT//q64vqG
                                                                                                                                        MD5:22AF5228082ED36235EF384EC82680DD
                                                                                                                                        SHA1:0C8A0E962DAEB5D4899A7C0C89EAEC515F5DFA0C
                                                                                                                                        SHA-256:669AF02B3E850FDB6CF8A5E2731398FD12942B81736B74DA9F558C898BC2D085
                                                                                                                                        SHA-512:8FC61B7E7C5EC8B51FC645D2AC83427B20CED489D227992186A302A57EC0C871C64F8BF4BD29EBB8BA5E3DCFDCC317EE475E6F1CED1C06BDCDB770FC9737D0D4
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...;.#...*.Cd....& ..........*......h........................................`......N6....... .........................................!}..../..3..../.......'.......6..,.......~...p'..............................................................................text...............................`.P`/4.......3.......4.................. .P..data...`h... ...j..................@.`..rdata.. ............j..............@.`@.buildid5....p'......>'.............@.0@.pdata........'......@'.............@.0@.xdata.......p(.......(.............@.0@.bss....0....`).......................`..edata..!}.......~....).............@.0@.reloc...~............).............@.0B/19..... ...../.......*.............@.`..idata...3..../..4....*.............@.0./38.........../.......*.............@.0B.rsrc........./.......*.............@.0..cygheap..0.../.......................0.........

                                                                                                                                        C:\Program Files\NetSpot\x64\is-S8PNU.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):480208
                                                                                                                                        Entropy (8bit):5.505765693735103
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:6144:KHsLhhM7qPGcxtTKYLxk8gInktODp8mNNgPRvfyFJX+P:K4hM7cTF/nktODpdNgZvaFJOP
                                                                                                                                        MD5:95139F73164A85F1BC22D86F647314A1
                                                                                                                                        SHA1:4245EA0AB7E7281804420656343078F03181B5FF
                                                                                                                                        SHA-256:A1394AAE3C6FC1912753F1B58498FC4640C70A2BCEE25C0DBB99ADAE613FFD77
                                                                                                                                        SHA-512:8BDF40ED3C63467AF8E58A8946FFE90C195BD880C4715B03908CF6E91BF33FD08D8A0E8E70226E2AA89CABA8D550DBFDC32F6BF70048BDCD43490C9520D6308A
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....)YW.J..b.....'..........z................@............................................... ......................................................................'...,..........................................................\... ............................text...............................`.P`.data........ ......................@.`..rdata..`D...0...F..................@.`@.buildid5............T..............@.0@.pdata...............V..............@.0@.xdata..<............b..............@.0@.bss..................................`..idata...............l..............@.0..rsrc................z..............@.0./4..................................@..B/19.................................@..B/31......5.......6...(..............@..B/45......J.......L...^..............@..B/57......2...0...2..................@.@B/70..........p......................@..B/81.....

                                                                                                                                        C:\Program Files\NetSpot\x86\Act.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):2954432
                                                                                                                                        Entropy (8bit):6.724592379467166
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:49152:0aeCyNY7ZWg/dOwtcFZnMgv89DgSe+NgaZoVZXiq6PEmKv0fiQDCYiuuSOMB0OMV:0aeC+Ytx/xtQpMgvcDgSe+MZmKv0f3Do
                                                                                                                                        MD5:3319CC10145770367CBD055F22EDED16
                                                                                                                                        SHA1:3D6BFBBEF95BE7FB581FF7B07519B5B31923B8B6
                                                                                                                                        SHA-256:1C045E6F9812932DDB7633429B00F0058FF88DF3FAB3413C70AC0174E67282A5
                                                                                                                                        SHA-512:88DD6D0B971310459B32F951A70E5C7834C2327F19CCC4456FAA14D20FE7E8774461CC0B1C43568937D26323DBB0C5A368A3552F669EDDE46FD5DF0E92764E0A
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........2...S...S...S...8...S.......S...8...S...8..BS...8...S...&...S...&...S...&...R.......R...8...S...S...P..Q&...S..Q&...S..Q&...S..Q&...S..Rich.S..........PE..L....<.d...........!......!...................!...............................-.......-...@..........................). .....).h.....*...............,..,....*.......'.p.....................'.....(.'.@.............!..............................text.....!.......!................. ..`.rdata..,2....!..4....!.............@..@.data...H.....*..z....).............@....rsrc.........*......T*.............@..@.reloc........*......V*.............@..B................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Program Files\NetSpot\x86\MuPDFWrapper.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):39761600
                                                                                                                                        Entropy (8bit):7.464737212778467
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:786432:wVkVEenaDPZXeyP2mqx3TftXNlNCxdpGIpPQXRUvoMo0h3248y4kkAWOu:wVkVetOyPQNNORBvoMo0vG1
                                                                                                                                        MD5:DE9BF284A966A9120EA8D570F5C90572
                                                                                                                                        SHA1:A78AF306306A7E295B28B40453FD28665E4D9AEA
                                                                                                                                        SHA-256:ED514AA6C387B3A0286ADD6E3ABF0A1DDA7E1FE52DA0ABA1E944F840A30A899F
                                                                                                                                        SHA-512:658087F4C35723C6B4ACE6E3B3047F8C85BB63DF5B4686EBF8B3E93B309DA83631C044A3236368B673F5DFC256FCD375F435BA60F2C7E38DFCF2FFF41F268158
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........|../../../..p/../.../../....../....../....../....../....../../../../s../....i../....b../....../....../....../Rich../........................PE..L.....de...........!.....B>..D .....\.=......`>..............................P_......._...@...........................a.....(.a...... ]...............^..,...0].0....Ka......................La......Ka.@............`>..............................text...v@>......B>................. ..`.rdata....#..`>...#..F>.............@..@.data........ b..p....b.............@....rsrc........ ]......v\.............@..@.reloc..0....0]......x\.............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Program Files\NetSpot\x86\Predictive.Interop.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):163008
                                                                                                                                        Entropy (8bit):6.733955043981106
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:1ivMhVQbqkPmlo6Vxmw0+5LSdubGaupCrcT4Uij98sfZM+1:gvr+0otVxmIpSdpaNz8yZM+1
                                                                                                                                        MD5:3E5A1886DAA8E9C616B26C385B4CCCB5
                                                                                                                                        SHA1:9F14AD21B484838D39A34572AF9B09A06B76165E
                                                                                                                                        SHA-256:AD78AE7A9CA944BAE7B1C69B8C3195DE6564F73E5162105FB1FE8B8D552757AC
                                                                                                                                        SHA-512:F5D55E0C11F22CCC1E304FBF2F78637C02547C4BB254382402FB474398C431BA61FC0B91E40B4B52EE9150FD0347A256170C8B32AE3B796F0A3C71AA5796A698
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......SZ...;...;...;...P...;...P..;...P...;...P...;...;..G;..EN...;..EN...;..EN..4;...N...;...N...;...NP..;...N...;..Rich.;..................PE..L......c...........!......................................................................@..........................7.......:..(....p...............P...,...........'..p........................... (..@............................................text.............................. ..`.rdata..............................@..@.data...L....P......................@....rsrc........p.......:..............@..@.reloc...............<..............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Program Files\NetSpot\x86\SQLite.Interop.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):1437376
                                                                                                                                        Entropy (8bit):6.782956705972124
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:24576:bs5ThI+vIjDEzn7tcBGtYnxLbdVlRdouD5RawYkGq78Yr4i9YE1tOvhefHXCvEsA:GlI+vIjE7mjOuKa8Riy+gvhaIn2+0b
                                                                                                                                        MD5:9D5B23129814F7BF75EEF40959D8E0B8
                                                                                                                                        SHA1:271BA551860020133D2676AC7D74124D9D8084FE
                                                                                                                                        SHA-256:C7CD79A8C8AA4D88ED55373E76BFB317E0C5948C16BA4FF6B4F89E2C8BF94B13
                                                                                                                                        SHA-512:09DFF134E10F729EB551F578276C58B9EDA29B2AA7BC1D4EFB30632260CDC0B10B0FEC02286E19C65C907E1739A93610117F6277496FCCCCADFAA570755CD79C
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......v..{2..(2..(2..(.*W(...(.*U(...(.*T(...(..)%..(..)'..(..)=..(.Im(:..(,.5(1..(2..(...(..)3..(..)3..(..Y(3..(..)3..(Rich2..(........PE..L.....d...........!.....f...X.......................................................E....@.........................P...t.......x....`...................,...p..X...@...p...............................@...............H............................text....d.......f.................. ..`.rdata..............j..............@..@.data....8.......,..................@....gfids.......P.......&..............@..@.rsrc........`.......(..............@..@.reloc..X....p.......2..............@..B........................................................................................................................................................................................................................................................

                                                                                                                                        C:\Program Files\NetSpot\x86\cyggcc_s-1.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):121568
                                                                                                                                        Entropy (8bit):6.488535113892924
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:1536:D+1YCB+Tbo20ERlvTg3c6ZbRfwxrWCJeHVh/LjWfUycmfLfxrDh+QxMt:WJyo2zlvT0Z9sqlZjpmNrDh+B
                                                                                                                                        MD5:E730A3C232AFB8D3307392822F25F527
                                                                                                                                        SHA1:026C60A10F5EF1015F2A0DEED36D982BB571D492
                                                                                                                                        SHA-256:70BFF916FA1615B518BA07597FBDB099508E1809B063ADAB8198B2A1A41F4698
                                                                                                                                        SHA-512:89513C137369405E4F15533EE4859FB6ED18323774789D004E08CD26DB38FD8B0D051F1B9FB0169FA3B7824A467A504531C39FA570619D0431E46EAD4CE45DBA
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....YW...........!.....H...........M.......`.....[......................... .......U........ .........................[.......T................... ....,......x.......................................................p............................text....F.......H..................`.P`.data...D....`.......L..............@.`..rdata.......p.......N..............@.`@.buildid5............d..............@.0@/4.......,...........f..............@.0@.bss....L.............................`..edata..[...........................@.0@.idata..T...........................@.0..reloc..x...........................@.0B/14.................................@.0B................................................................................................................................................................................................................................

                                                                                                                                        C:\Program Files\NetSpot\x86\cygwin1.dll (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):3668040
                                                                                                                                        Entropy (8bit):6.2351650994473475
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:98304:3JlpIWr2Sl260E9HmeJL/BD6wRqIXKu4Eg0b1u4QP5BgJJxvTEPvzr:5fBVNDBRqIXK7r
                                                                                                                                        MD5:7376BF03C21A2252439E2CAF5E2ED6BA
                                                                                                                                        SHA1:36FC432EC8D2DBFC980130E187858BD913FE3D41
                                                                                                                                        SHA-256:5EF468F14407C16627C0DBB1086DC55FDAA55CC9E793FF0D3CB31F85AD5C198A
                                                                                                                                        SHA-512:549AA1143D9EFDED4E4E959AC0274D82D218D1DFFF487B3737B6B77B7D742EA1CEBBE92FDE62C1F5C1FAE381B5FECAA45D381905FD4FCF86B5CF90F21D831D45
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.........-.*\.....!.....h....,....................a..........................R.......8....... ...............................1..)....1...............7..,...0/.4.....%..............................................................................text...|H.......J..................`.``/4...........`.......N.............. .@..data................l..............@.`..rdata..8t...p...v...V..............@.`@.buildid5.....%.......%.............@.0@/19...........&.......%.............@.0@.bss..........).......................`..edata................).............@.0@.reloc..4....0/......d*.............@.0B/29.......... 1......N,.............@.`..idata...)....1..*....,.............@.0./48...........1.......,.............@.0B.rsrc.........1.......,.............@.0..cygheap.. ...2.......................0.................................................................

                                                                                                                                        C:\Program Files\NetSpot\x86\iperf3.exe (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):411104
                                                                                                                                        Entropy (8bit):5.975580045905282
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:6144:KSwgn2zo8LYIf8KU9Nd5NLMNNO/UbJOfuxMtcM+8loqLZasE+b7:KSwG2zRS9NfNLMN4UIfQMtcMXIszn
                                                                                                                                        MD5:F9F9B2CC233E1D6C3EE9824A2A65DE63
                                                                                                                                        SHA1:0AB051390A042B9BA92B9872458639CBA126266D
                                                                                                                                        SHA-256:2339CDFB65F217642BA06FB0EC0B75B851F08C6D55E458565E00B354904555D6
                                                                                                                                        SHA-512:588BE994C1C9D41EBE36E3BF3D884B7894ECBD0F2676251D3C1274861CF38B5A892F29F414F86444CF2DD948AA6BE743E9911CBADD7EC2CB05566682C022FD18
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...O5YW.J........'.......................... ....@.................................yj........ ..................................................... ....,...........................................................................................text...t...........................`.P`.data........ ......................@.`..rdata..8@...0...B..................@.`@.buildid5............L..............@.0@/4.......,...........N..............@.0@.bss....|.............................`..idata...............|..............@.0..rsrc...............................@.0./14.....8...........................@..B/29.....p...........................@..B/41.....e5.......6..................@..B/55......I.......J...L..............@..B/67.....A.... ......................@..B/78.....~....@......................@..B/89..................@..............@..B........................

                                                                                                                                        C:\Program Files\NetSpot\x86\is-D8NFU.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):163008
                                                                                                                                        Entropy (8bit):6.733955043981106
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:1ivMhVQbqkPmlo6Vxmw0+5LSdubGaupCrcT4Uij98sfZM+1:gvr+0otVxmIpSdpaNz8yZM+1
                                                                                                                                        MD5:3E5A1886DAA8E9C616B26C385B4CCCB5
                                                                                                                                        SHA1:9F14AD21B484838D39A34572AF9B09A06B76165E
                                                                                                                                        SHA-256:AD78AE7A9CA944BAE7B1C69B8C3195DE6564F73E5162105FB1FE8B8D552757AC
                                                                                                                                        SHA-512:F5D55E0C11F22CCC1E304FBF2F78637C02547C4BB254382402FB474398C431BA61FC0B91E40B4B52EE9150FD0347A256170C8B32AE3B796F0A3C71AA5796A698
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......SZ...;...;...;...P...;...P..;...P...;...P...;...;..G;..EN...;..EN...;..EN..4;...N...;...N...;...NP..;...N...;..Rich.;..................PE..L......c...........!......................................................................@..........................7.......:..(....p...............P...,...........'..p........................... (..@............................................text.............................. ..`.rdata..............................@..@.data...L....P......................@....rsrc........p.......:..............@..@.reloc...............<..............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Program Files\NetSpot\x86\is-HC4RP.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):2954432
                                                                                                                                        Entropy (8bit):6.724592379467166
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:49152:0aeCyNY7ZWg/dOwtcFZnMgv89DgSe+NgaZoVZXiq6PEmKv0fiQDCYiuuSOMB0OMV:0aeC+Ytx/xtQpMgvcDgSe+MZmKv0f3Do
                                                                                                                                        MD5:3319CC10145770367CBD055F22EDED16
                                                                                                                                        SHA1:3D6BFBBEF95BE7FB581FF7B07519B5B31923B8B6
                                                                                                                                        SHA-256:1C045E6F9812932DDB7633429B00F0058FF88DF3FAB3413C70AC0174E67282A5
                                                                                                                                        SHA-512:88DD6D0B971310459B32F951A70E5C7834C2327F19CCC4456FAA14D20FE7E8774461CC0B1C43568937D26323DBB0C5A368A3552F669EDDE46FD5DF0E92764E0A
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........2...S...S...S...8...S.......S...8...S...8..BS...8...S...&...S...&...S...&...R.......R...8...S...S...P..Q&...S..Q&...S..Q&...S..Q&...S..Rich.S..........PE..L....<.d...........!......!...................!...............................-.......-...@..........................). .....).h.....*...............,..,....*.......'.p.....................'.....(.'.@.............!..............................text.....!.......!................. ..`.rdata..,2....!..4....!.............@..@.data...H.....*..z....).............@....rsrc.........*......T*.............@..@.reloc........*......V*.............@..B................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Program Files\NetSpot\x86\is-MLUMD.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):411104
                                                                                                                                        Entropy (8bit):5.975580045905282
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:6144:KSwgn2zo8LYIf8KU9Nd5NLMNNO/UbJOfuxMtcM+8loqLZasE+b7:KSwG2zRS9NfNLMN4UIfQMtcMXIszn
                                                                                                                                        MD5:F9F9B2CC233E1D6C3EE9824A2A65DE63
                                                                                                                                        SHA1:0AB051390A042B9BA92B9872458639CBA126266D
                                                                                                                                        SHA-256:2339CDFB65F217642BA06FB0EC0B75B851F08C6D55E458565E00B354904555D6
                                                                                                                                        SHA-512:588BE994C1C9D41EBE36E3BF3D884B7894ECBD0F2676251D3C1274861CF38B5A892F29F414F86444CF2DD948AA6BE743E9911CBADD7EC2CB05566682C022FD18
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...O5YW.J........'.......................... ....@.................................yj........ ..................................................... ....,...........................................................................................text...t...........................`.P`.data........ ......................@.`..rdata..8@...0...B..................@.`@.buildid5............L..............@.0@/4.......,...........N..............@.0@.bss....|.............................`..idata...............|..............@.0..rsrc...............................@.0./14.....8...........................@..B/29.....p...........................@..B/41.....e5.......6..................@..B/55......I.......J...L..............@..B/67.....A.... ......................@..B/78.....~....@......................@..B/89..................@..............@..B........................

                                                                                                                                        C:\Program Files\NetSpot\x86\is-OLDS2.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):121568
                                                                                                                                        Entropy (8bit):6.488535113892924
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:1536:D+1YCB+Tbo20ERlvTg3c6ZbRfwxrWCJeHVh/LjWfUycmfLfxrDh+QxMt:WJyo2zlvT0Z9sqlZjpmNrDh+B
                                                                                                                                        MD5:E730A3C232AFB8D3307392822F25F527
                                                                                                                                        SHA1:026C60A10F5EF1015F2A0DEED36D982BB571D492
                                                                                                                                        SHA-256:70BFF916FA1615B518BA07597FBDB099508E1809B063ADAB8198B2A1A41F4698
                                                                                                                                        SHA-512:89513C137369405E4F15533EE4859FB6ED18323774789D004E08CD26DB38FD8B0D051F1B9FB0169FA3B7824A467A504531C39FA570619D0431E46EAD4CE45DBA
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....YW...........!.....H...........M.......`.....[......................... .......U........ .........................[.......T................... ....,......x.......................................................p............................text....F.......H..................`.P`.data...D....`.......L..............@.`..rdata.......p.......N..............@.`@.buildid5............d..............@.0@/4.......,...........f..............@.0@.bss....L.............................`..edata..[...........................@.0@.idata..T...........................@.0..reloc..x...........................@.0B/14.................................@.0B................................................................................................................................................................................................................................

                                                                                                                                        C:\Program Files\NetSpot\x86\is-SMHRU.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):39761600
                                                                                                                                        Entropy (8bit):7.464737212778467
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:786432:wVkVEenaDPZXeyP2mqx3TftXNlNCxdpGIpPQXRUvoMo0h3248y4kkAWOu:wVkVetOyPQNNORBvoMo0vG1
                                                                                                                                        MD5:DE9BF284A966A9120EA8D570F5C90572
                                                                                                                                        SHA1:A78AF306306A7E295B28B40453FD28665E4D9AEA
                                                                                                                                        SHA-256:ED514AA6C387B3A0286ADD6E3ABF0A1DDA7E1FE52DA0ABA1E944F840A30A899F
                                                                                                                                        SHA-512:658087F4C35723C6B4ACE6E3B3047F8C85BB63DF5B4686EBF8B3E93B309DA83631C044A3236368B673F5DFC256FCD375F435BA60F2C7E38DFCF2FFF41F268158
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........|../../../..p/../.../../....../....../....../....../....../../../../s../....i../....b../....../....../....../Rich../........................PE..L.....de...........!.....B>..D .....\.=......`>..............................P_......._...@...........................a.....(.a...... ]...............^..,...0].0....Ka......................La......Ka.@............`>..............................text...v@>......B>................. ..`.rdata....#..`>...#..F>.............@..@.data........ b..p....b.............@....rsrc........ ]......v\.............@..@.reloc..0....0]......x\.............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Program Files\NetSpot\x86\is-UFOD4.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):1437376
                                                                                                                                        Entropy (8bit):6.782956705972124
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:24576:bs5ThI+vIjDEzn7tcBGtYnxLbdVlRdouD5RawYkGq78Yr4i9YE1tOvhefHXCvEsA:GlI+vIjE7mjOuKa8Riy+gvhaIn2+0b
                                                                                                                                        MD5:9D5B23129814F7BF75EEF40959D8E0B8
                                                                                                                                        SHA1:271BA551860020133D2676AC7D74124D9D8084FE
                                                                                                                                        SHA-256:C7CD79A8C8AA4D88ED55373E76BFB317E0C5948C16BA4FF6B4F89E2C8BF94B13
                                                                                                                                        SHA-512:09DFF134E10F729EB551F578276C58B9EDA29B2AA7BC1D4EFB30632260CDC0B10B0FEC02286E19C65C907E1739A93610117F6277496FCCCCADFAA570755CD79C
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......v..{2..(2..(2..(.*W(...(.*U(...(.*T(...(..)%..(..)'..(..)=..(.Im(:..(,.5(1..(2..(...(..)3..(..)3..(..Y(3..(..)3..(Rich2..(........PE..L.....d...........!.....f...X.......................................................E....@.........................P...t.......x....`...................,...p..X...@...p...............................@...............H............................text....d.......f.................. ..`.rdata..............j..............@..@.data....8.......,..................@....gfids.......P.......&..............@..@.rsrc........`.......(..............@..@.reloc..X....p.......2..............@..B........................................................................................................................................................................................................................................................

                                                                                                                                        C:\Program Files\NetSpot\x86\is-VVTAO.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):3668040
                                                                                                                                        Entropy (8bit):6.2351650994473475
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:98304:3JlpIWr2Sl260E9HmeJL/BD6wRqIXKu4Eg0b1u4QP5BgJJxvTEPvzr:5fBVNDBRqIXK7r
                                                                                                                                        MD5:7376BF03C21A2252439E2CAF5E2ED6BA
                                                                                                                                        SHA1:36FC432EC8D2DBFC980130E187858BD913FE3D41
                                                                                                                                        SHA-256:5EF468F14407C16627C0DBB1086DC55FDAA55CC9E793FF0D3CB31F85AD5C198A
                                                                                                                                        SHA-512:549AA1143D9EFDED4E4E959AC0274D82D218D1DFFF487B3737B6B77B7D742EA1CEBBE92FDE62C1F5C1FAE381B5FECAA45D381905FD4FCF86B5CF90F21D831D45
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.........-.*\.....!.....h....,....................a..........................R.......8....... ...............................1..)....1...............7..,...0/.4.....%..............................................................................text...|H.......J..................`.``/4...........`.......N.............. .@..data................l..............@.`..rdata..8t...p...v...V..............@.`@.buildid5.....%.......%.............@.0@/19...........&.......%.............@.0@.bss..........).......................`..edata................).............@.0@.reloc..4....0/......d*.............@.0B/29.......... 1......N,.............@.`..idata...)....1..*....,.............@.0./48...........1.......,.............@.0B.rsrc.........1.......,.............@.0..cygheap.. ...2.......................0.................................................................

                                                                                                                                        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetSpot\NetSpot.lnk

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Sep 30 11:17:52 2024, mtime=Mon Sep 30 11:17:52 2024, atime=Thu Jan 25 20:29:34 2024, length=463552, window=hide
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):855
                                                                                                                                        Entropy (8bit):4.540961556592192
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:24:8mF96vd5q/ZbnlX/K7lB/mR8ApEzKQWdi/y/mmdi/qjBm:8mqvdMZ5XmneR7pEfWdiqemdiS
                                                                                                                                        MD5:C09CDC5F0190457E36DC0EB3B8F65A47
                                                                                                                                        SHA1:4935465F5D2595DDF87C937F5B44F99BE6E88C35
                                                                                                                                        SHA-256:51E466BC4990F2754A2EC3B7703F3F87E55020A0BEEF2635BCA98238AD866557
                                                                                                                                        SHA-512:355BFC32360EA5D15ADB7668D80E4FADEB1FE55AA67901961EF3485E6D5157FFE8C78A437971A6AD9346ABEA1DD2AE8CBFE2089FD8817D405E7694D9A1138E35
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:L..................F.... ...h..2....>..2....3..O..........................s....P.O. .:i.....+00.../C:\.....................1.....DW.V..PROGRA~1..t......O.IDWR`....B...............J.....i...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....V.1.....>YAb..NetSpot.@......>Y9b>YAb..........................Eb..N.e.t.S.p.o.t.....b.2.....9X.. .NetSpot.exe.H......>Y;b>Y;b....s.........................N.e.t.S.p.o.t...e.x.e.......S...............-.......R............d.J.....C:\Program Files\NetSpot\NetSpot.exe..3.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.N.e.t.S.p.o.t.\.N.e.t.S.p.o.t...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.N.e.t.S.p.o.t.`.......X.......562258...........hT..CrF.f4... ..T..b...,.......hT..CrF.f4... ..T..b...,......E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................

                                                                                                                                        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetSpot\Uninstall NetSpot.lnk

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Mon Sep 30 11:17:48 2024, mtime=Mon Sep 30 11:17:48 2024, atime=Mon Sep 30 11:17:44 2024, length=3268288, window=hide
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):988
                                                                                                                                        Entropy (8bit):4.507634657235827
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:24:8fq2d5q/ZbnlX/oYhks9JQA6rEzZl8lfudi/u1di/qwy1Bm:8fbdMZ5XAYhtJn6rEP8lGdi21di3yT
                                                                                                                                        MD5:69B3C07435AB0FF2016083EB7F5211A3
                                                                                                                                        SHA1:25667508C16A415328568115B2BDEBC1FA3F902D
                                                                                                                                        SHA-256:2E6683DD353F31D12510B390EF4FA81D3A28C95703E46AD1BF7A3E255D2CE529
                                                                                                                                        SHA-512:4A4D775A40B61A67A20975C9A8ACDAF088BFBD870F15A84A36F3740B7365D0995E0109837CF16B411E7C2EDB9379A265FEF30C2A8E107BFB436F1E58F8D27B03
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:L..................F.... .......2.......2....=..2.....1.....................w....P.O. .:i.....+00.../C:\.....................1.....>Y9b..PROGRA~1..t......O.I>YAb....B...............J......&..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....V.1.....>YAb..NetSpot.@......>Y9b>YAb..........................Eb..N.e.t.S.p.o.t.....f.2...1.>Y7b .unins000.exe..J......>Y9b>Y9b............................&.u.n.i.n.s.0.0.0...e.x.e.......T...............-.......S............d.J.....C:\Program Files\NetSpot\unins000.exe..>.C.o.m.p.l.e.t.e.l.y. .r.e.m.o.v.e.s. .t.h.e. .i.n.s.t.a.l.l.e.d. .a.p.p.l.i.c.a.t.i.o.n. .f.r.o.m. .y.o.u.r. .s.y.s.t.e.m...4.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.N.e.t.S.p.o.t.\.u.n.i.n.s.0.0.0...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.N.e.t.S.p.o.t.`.......X.......562258...........hT..CrF.f4... ..T..b...,.......hT..CrF.f4... ..T..b...,......E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................

                                                                                                                                        C:\Users\Public\Desktop\NetSpot.lnk

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Mon Sep 30 11:17:52 2024, mtime=Mon Sep 30 11:18:00 2024, atime=Thu Jan 25 20:29:34 2024, length=463552, window=hide
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):1715
                                                                                                                                        Entropy (8bit):3.1346467673075
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:8XdMZ5XmneR7pEsidiqemdildiqekdiqeZ:8aZgONE
                                                                                                                                        MD5:7B43CF74A101321E21247248A531D22C
                                                                                                                                        SHA1:DC39C9F89C3AB1DFD7CDB4D9FDC8F820A745E9B2
                                                                                                                                        SHA-256:0E24127F01FC57ABB2F04B645DABC100A5915DDE5F03141F142158E719BE7554
                                                                                                                                        SHA-512:2A51B07A5A6037F0BBD4FD90D4A02716D68E3FFB5B92B581E40FA77EAA75DDC0B2E718FB60571A81B95378223B794A5E788ED23C4A4B6FBE8E7A45D0433E4EC1
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:L..................F.@.. ...h..2....=..2....3..O..........................s....P.O. .:i.....+00.../C:\.....................1.....>Y9b..PROGRA~1..t......O.I>YAb....B...............J......&..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....V.1.....>YAb..NetSpot.@......>Y9b>YAb..........................Eb..N.e.t.S.p.o.t.....b.2.....9X.. .NetSpot.exe.H......>Y;b>Y;b....s.........................N.e.t.S.p.o.t...e.x.e.......S...............-.......R............d.J.....C:\Program Files\NetSpot\NetSpot.exe....N.e.t.S.p.o.t.*.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.N.e.t.S.p.o.t.\.N.e.t.S.p.o.t...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.N.e.t.S.p.o.t.$.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.N.e.t.S.p.o.t.\.N.e.t.S.p.o.t...e.x.e.........%SystemDrive%\Program Files\NetSpot\NetSpot.exe...........................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Etwok_Inc\NetSpot.exe_StrongName_0jhw1fpaucqhjjvuryn5slg1mxkclhg0\3.1.0.478\5ktvpi1j.newcfg

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Program Files\NetSpot\NetSpot.exe
                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):2953
                                                                                                                                        Entropy (8bit):4.651591331411073
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:crr7HKM7HqO6EAnmeEz4+R/BpfE0D4fHP8dsIqpJnfCP8dXP8d+:ur757KEAnHEsaBREAc2FqXfhG+
                                                                                                                                        MD5:077BF1F6E1DC665395363F30BB5F1CD2
                                                                                                                                        SHA1:4B3CA9B31E607840A2459107BEC4AEC4DB447FD1
                                                                                                                                        SHA-256:90D36E4B382D55E452C63B615002F3991098384E30424864ED330374A9A794EF
                                                                                                                                        SHA-512:3911F9FCE4BFA20E041EF19305878550924108A0F5F6D43C5C92C81D0324738EAB5FCAD0C915F5C145F071D2190FB598AF216EA1BBC40F496A5EBA9F1E125F94
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="NetSpot.Properties.BaseSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <userSettings>.. <NetSpot.Properties.BaseSettings>.. <setting name="IsFirstRun" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="MapUnitTypeCurrent" serializeAs="String">.. <value>Meters</value>.. </setting>.. <setting name="AdapterIdentityCurrentGuid" serializeAs="String">.. <value>00000000-0000-0000-0000-0000000

                                                                                                                                        C:\Users\user\AppData\Local\Etwok_Inc\NetSpot.exe_StrongName_0jhw1fpaucqhjjvuryn5slg1mxkclhg0\3.1.0.478\ajks2tjb.newcfg

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Program Files\NetSpot\NetSpot.exe
                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):7786
                                                                                                                                        Entropy (8bit):4.416403222254986
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:ur757KEAnHEsaBREAc2FqXfhGsCeknPn7vpn1lzZf9pnvGnCnk2ngnboUryjwzm2:ur757DSwPLmCmnb
                                                                                                                                        MD5:17678C2154F9EDFE4835E471C8932343
                                                                                                                                        SHA1:F6551D9B8AD6E15E14F56545CBA3B1FD1461582E
                                                                                                                                        SHA-256:2EF84167BD3ACC0AF793418D6CB846588C493372BB66CE68506627FF4C9BEE4D
                                                                                                                                        SHA-512:6B9E8CAED155C61D4D509F6C5A41DFAF09F950E6D3BFE60D57F3C694CDEF6EED9AA5808AD73502407C752C237428588C947C480B6672C5A08FD5DA45ADACC5ED
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="NetSpot.Properties.BaseSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <userSettings>.. <NetSpot.Properties.BaseSettings>.. <setting name="IsFirstRun" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="MapUnitTypeCurrent" serializeAs="String">.. <value>Meters</value>.. </setting>.. <setting name="AdapterIdentityCurrentGuid" serializeAs="String">.. <value>00000000-0000-0000-0000-0000000

                                                                                                                                        C:\Users\user\AppData\Local\Etwok_Inc\NetSpot.exe_StrongName_0jhw1fpaucqhjjvuryn5slg1mxkclhg0\3.1.0.478\krjc0po1.newcfg

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Program Files\NetSpot\NetSpot.exe
                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):816
                                                                                                                                        Entropy (8bit):4.906962905855149
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TMHdGGqt1s26K9BQvDLI4MWiO69Ams26K9YG6DLI4MWivBRVcXHhuGnO6mOZ6ENZ:2dqIK07E449A7K6E4Ev+XDH6EKpnvFM
                                                                                                                                        MD5:BC08F32360FB3833E6E54A3F7CEB8AA4
                                                                                                                                        SHA1:57095099DDA91BC397373EF76A60C0CBF5EB6B96
                                                                                                                                        SHA-256:5CA7B6A555A3ACC55E56C5F14D7B0E0168F02DB532ABCDF5D927E17D0DF2A026
                                                                                                                                        SHA-512:410214DBEC867D75F938C750B8CE086191E7A3443048C3BB241DCFC3DD01F0DDEDB85FE3FB4150F6420C1CF85EE7564C93A9C10163764B59F4E02CD27710D7F2
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="NetSpot.Properties.BaseSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <userSettings>.. <NetSpot.Properties.BaseSettings>.. <setting name="IsFirstRun" serializeAs="String">.. <value>False</value>.. </setting>.. </NetSpot.Properties.BaseSettings>.. </userSettings>..</configuration>

                                                                                                                                        C:\Users\user\AppData\Local\Etwok_Inc\NetSpot.exe_StrongName_0jhw1fpaucqhjjvuryn5slg1mxkclhg0\3.1.0.478\ly3x53tm.newcfg

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Program Files\NetSpot\NetSpot.exe
                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):2677
                                                                                                                                        Entropy (8bit):4.644210041908206
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:crr7HKM7HqO6EAnmeEz4+R/BpfE0D4fHP8dsIqpJnfCP8d+:ur757KEAnHEsaBREAc2FqXfh+
                                                                                                                                        MD5:83B44D356EF22E6F13A0584177E40233
                                                                                                                                        SHA1:CF5BAADCAD0D916BA51183AD8888E9FBBCC8DCC0
                                                                                                                                        SHA-256:8EBA6B6C8994777BAE444045EB753180784C042E03F4259B838B53C1C8EBECA6
                                                                                                                                        SHA-512:4873D9AD53336610ED06067FB06DBBFE3266771E7186F3707516CF54BB38336553D17A4408E67E57DCC4840D890D26895F075A3B95E8269AEA5298E83F94A29C
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="NetSpot.Properties.BaseSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <userSettings>.. <NetSpot.Properties.BaseSettings>.. <setting name="IsFirstRun" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="MapUnitTypeCurrent" serializeAs="String">.. <value>Meters</value>.. </setting>.. <setting name="AdapterIdentityCurrentGuid" serializeAs="String">.. <value>00000000-0000-0000-0000-0000000

                                                                                                                                        C:\Users\user\AppData\Local\Etwok_Inc\NetSpot.exe_StrongName_0jhw1fpaucqhjjvuryn5slg1mxkclhg0\3.1.0.478\mxulld44.newcfg

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Program Files\NetSpot\NetSpot.exe
                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):1682
                                                                                                                                        Entropy (8bit):4.649042093969717
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:24:2dqIK07E449A7K6E4Ev+XDH6EKpnv+evaXzf5avWR/vJpfvaXUPDvAfvFM:crr7HKM7HqO6EAnmeEz4+R/BpfE0D4f+
                                                                                                                                        MD5:38EF75C1A596D537CF3B40073E2AC3D8
                                                                                                                                        SHA1:2025B357AA9AABD4FD020767925ACFACB7C7E22A
                                                                                                                                        SHA-256:835078B252CAD332FE95EDCEAF37134455E88D71799E4750B9F10988E3C602D7
                                                                                                                                        SHA-512:31D71FF5E4AFB73988FFC624944F1DE0AB4DB10596A74A03846B39C707115F46B4AB24D1448E086CA9A915DDD056DE59285396C3F0481ABAF346947F3218944A
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="NetSpot.Properties.BaseSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <userSettings>.. <NetSpot.Properties.BaseSettings>.. <setting name="IsFirstRun" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="MapUnitTypeCurrent" serializeAs="String">.. <value>Meters</value>.. </setting>.. <setting name="AdapterIdentityCurrentGuid" serializeAs="String">.. <value>00000000-0000-0000-0000-0000000

                                                                                                                                        C:\Users\user\AppData\Local\Etwok_Inc\NetSpot.exe_StrongName_0jhw1fpaucqhjjvuryn5slg1mxkclhg0\3.1.0.478\sw5lmzm3.newcfg

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Program Files\NetSpot\NetSpot.exe
                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):949
                                                                                                                                        Entropy (8bit):4.835352480400132
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:24:2dqIK07E449A7K6E4Ev+XDH6EKpnv+evFM:crr7HKM7HqO6EAnme+
                                                                                                                                        MD5:95DD8E9F801B0D9015FE0FACBF5F2CCB
                                                                                                                                        SHA1:43C90DFA2E0F4D18ABA4E10F65477211671AF91A
                                                                                                                                        SHA-256:0DD59037D2F2CB412F084A1A0D8D5B93B3035E6FD4D8228E4A6E3E22BC462A0A
                                                                                                                                        SHA-512:67A3080EE76D2DAFC855DF912FD7B41F8D9002966DEF003B32EAD09900FD83B8C8E532B0AC5A3E3FC0BCDA91065A874FB828D73333C11F8F1DD6E3FADE315921
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="NetSpot.Properties.BaseSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <userSettings>.. <NetSpot.Properties.BaseSettings>.. <setting name="IsFirstRun" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="MapUnitTypeCurrent" serializeAs="String">.. <value>Meters</value>.. </setting>.. </NetSpot.Properties.BaseSettings>.. </userSettings>..</configuration>

                                                                                                                                        C:\Users\user\AppData\Local\Etwok_Inc\NetSpot.exe_StrongName_0jhw1fpaucqhjjvuryn5slg1mxkclhg0\3.1.0.478\user.config (copy)

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Program Files\NetSpot\NetSpot.exe
                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):816
                                                                                                                                        Entropy (8bit):4.906962905855149
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TMHdGGqt1s26K9BQvDLI4MWiO69Ams26K9YG6DLI4MWivBRVcXHhuGnO6mOZ6ENZ:2dqIK07E449A7K6E4Ev+XDH6EKpnvFM
                                                                                                                                        MD5:BC08F32360FB3833E6E54A3F7CEB8AA4
                                                                                                                                        SHA1:57095099DDA91BC397373EF76A60C0CBF5EB6B96
                                                                                                                                        SHA-256:5CA7B6A555A3ACC55E56C5F14D7B0E0168F02DB532ABCDF5D927E17D0DF2A026
                                                                                                                                        SHA-512:410214DBEC867D75F938C750B8CE086191E7A3443048C3BB241DCFC3DD01F0DDEDB85FE3FB4150F6420C1CF85EE7564C93A9C10163764B59F4E02CD27710D7F2
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="NetSpot.Properties.BaseSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <userSettings>.. <NetSpot.Properties.BaseSettings>.. <setting name="IsFirstRun" serializeAs="String">.. <value>False</value>.. </setting>.. </NetSpot.Properties.BaseSettings>.. </userSettings>..</configuration>

                                                                                                                                        C:\Users\user\AppData\Local\Etwok_Inc\NetSpot.exe_StrongName_0jhw1fpaucqhjjvuryn5slg1mxkclhg0\3.1.0.478\vo3cafdp.newcfg

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Program Files\NetSpot\NetSpot.exe
                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):1951
                                                                                                                                        Entropy (8bit):4.683288553829112
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:crr7HKM7HqO6EAnmeEz4+R/BpfE0D4fHP8d+:ur757KEAnHEsaBREAc2+
                                                                                                                                        MD5:5FF3C3345938D0449910AE6DF886DCB6
                                                                                                                                        SHA1:DE2F8CEEE997F8D897FD114D1B5FD28D62A0C8C0
                                                                                                                                        SHA-256:78BBD6874217F03D81D181EA4F69B5DDC90C438D159FB32B02F7944000623597
                                                                                                                                        SHA-512:B7155AFB522E90A72068E007579851F25578239B193379EF3E14FBE27FC549D1FEEA1DC6347B460724D3C0D5A8451A89D17E9F5D6FE0D96240D56345FE4D8BCB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="NetSpot.Properties.BaseSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <userSettings>.. <NetSpot.Properties.BaseSettings>.. <setting name="IsFirstRun" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="MapUnitTypeCurrent" serializeAs="String">.. <value>Meters</value>.. </setting>.. <setting name="AdapterIdentityCurrentGuid" serializeAs="String">.. <value>00000000-0000-0000-0000-0000000

                                                                                                                                        C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\Desktop\NetSpot.exe
                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):3268288
                                                                                                                                        Entropy (8bit):6.42437824613569
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:49152:UEA9P+bz2cHPcUb6HSb4SOEMkBeH7nQckO6bAGx7jXTVsNK33389:E92bz2Eb6pd7B6bAGx7GY333K
                                                                                                                                        MD5:2498951C33DB1793078FDA96E0A95FEB
                                                                                                                                        SHA1:229B894BA2BE8EFC3D84438DE4ED23D3C9FCFC22
                                                                                                                                        SHA-256:5FA2FF5EDA3E98B26D0C84C4FD11F255FA07E97B5A9BBD046BFEF70854B0E3DF
                                                                                                                                        SHA-512:342F778D82DC3143A56897A6CC4B6AB652D328B51F6F387DDA7823E521B553C73626F0D82EE8B8F1C2CA512A188D03846652952A4EB97FFD49D759805EE4132E
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...(..`.................:,..t......`F,......P,...@...........................2.......2...@......@....................-......p-.29....-.h.............1..,....................................-......................y-.......-......................text.....,.......,................. ..`.itext...(... ,..*....,............. ..`.data........P,......>,.............@....bss.....y....,..........................idata..29...p-..:....,.............@....didata.......-.......-.............@....edata........-.......-.............@..@.tls....L.....-..........................rdata..].....-.......-.............@..@.rsrc...h.....-.......-.............@..@..............1.......0.............@..@........................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\is-OUV8N.tmp\_isetup\_setup64.tmp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):6144
                                                                                                                                        Entropy (8bit):4.720366600008286
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                        MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                        SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                        SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                        SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Roaming\Etwok\NetSpot 3\Logs\ns_cbc8a.log

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Program Files\NetSpot\NetSpot.exe
                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):26481
                                                                                                                                        Entropy (8bit):5.378023247109543
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:xYdTOjdPfOjdP2bZCeTWC+wqK6pooJijztgtCV+dHQr2gVz1Ia0oIcD2IJrmIKAN:0OdfOdrtfwqK6paN00JXI0PNR4uI8
                                                                                                                                        MD5:69191F62D590D17E08E9F7FDAA1B4C09
                                                                                                                                        SHA1:C2935A86C448D5CFF600AE53C84B6BCFFAABCB75
                                                                                                                                        SHA-256:04DC8F6ED88556CEF4D9E55A6D0EB63747977411F96D5350BDFD98AE6C8C1FDD
                                                                                                                                        SHA-512:97388F528944195F1C77102F4015958832543D3BA91673B0250292112B265DD6440CE7532423B3AD025D17EF4AD0B79988344ACD19BB9E6DA99CFAB9893E816E
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:30.09.2024 12:18:07 (I) > NetSpot version: 3.1.0.478..30.09.2024 12:18:07 (I) > Culture: DefaultThreadCurrentCulture = en-CH :: DefaultThreadCurrentUICulture = en-GB..30.09.2024 12:18:08 (I) > Digital signature verification complete...30.09.2024 12:18:08 (I) > MapUnitType isn't set. RegionInfo: CH, IsMetric: True..30.09.2024 12:18:08 (W) > An error occurred while initializing a new connection to the WLAN API server...[Win32Exception]: An error (code: ServiceNotActive) occurred while opening a new connection to the WLAN API server... at NetSpot.Infrastructure.WiFi.Zeroconf.Wlan.OpenHandle(WlanApiVersion version).. at NetSpot.Infrastructure.WiFi.WlanServiceProvider.Init().. at NetSpot.Infrastructure.WiFi.WlanServiceProvider..ctor(IDebug debug)....30.09.2024 12:18:08 (I) > Getting the list of available adapters...30.09.2024 12:18:08 (W) > An error occurred while getting the list of available adapters...[Win32Exception]: An error (code: ServiceNotActive) occurred while opening a new

                                                                                                                                        C:\Users\user\AppData\Roaming\Etwok\NetSpot 3\NetSpot.act

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Program Files\NetSpot\NetSpot.exe
                                                                                                                                        File Type:OpenPGP Public Key
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):4096
                                                                                                                                        Entropy (8bit):7.952497238680942
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:huUV7rz1OWOX6vNoUknpxgIkB0odqvDmav3QbanluLg:N/HNojpMaDeh8
                                                                                                                                        MD5:701F61946A276069A856677331BF1B9B
                                                                                                                                        SHA1:6F79AF646EED511B36E963FD4C7BD34BC1DD6893
                                                                                                                                        SHA-256:AE5ED6EB2168914DBF9D242C6E8D57C9AA682AD38266F954DE1BA351F0AE98B7
                                                                                                                                        SHA-512:2E0FE875E4BA242EB0E702AE122EAC53D00B6650DF4933BD0F9FB5937A560004719A7FDF38AEB67CD6657F44D520BDAE0755726FC976F4C621C79FE017DE9D2C
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:........L.......>.'...L0..y]FQ..%7 ....G$.w...........Y'.~4J.u..3@Y.B.V....g..@.m....\;.*I..c.{.r..5t....o.}.o0FT.........^..J.D...+R......".kj.....7..C.WU....8.w.N.8{.....<.4.|.S_.G.FO...6/z......*.*.5..L.<j@m.....iy.d..1.v+......a..#..<....Hl.(..v..;./...M.[..;...^.....?...h.....3..z.Q.^8.........g)...9.?.x..~.f~:..u.$.l..+3...t?.3.9...)......:...f..N..|?.^....`.m:-L...o{..fS.'......?..Q.>.....|...;...X....B.(~.n.:b.*..:.B.)..F.r...27...:...7t..}>?qD.y...Y..z*,O...?.gT.(.9...x.UE....G..J(.2+..-..A+..v@.(.....$.T.L.....m..x....'.(.#.o....o_O...8N.....,?..t2..2.G..0.HRn.........U...sC.j.#w.~S.J%._.z.3..8.^.............$@.U.....vlE.......)o..!<.O.&....!....|..FIV..U.]I.d0..E....N..._,...!...N.;.~..p=G..x..x~..51..1.w.......a...x.=.Y........$q....P..q|...{..9................4....NZ.B.-..d.q..z.d.Y.?........F....f..y.+...z.v..M.H_...%.h&....0.i.....`.3..,......-....Jo.P...p.XXs..Nq.t.,@+.M.R.p.L]..=.......kc.-.h.xJ......V....);.....

                                                                                                                                        C:\Users\user\AppData\Roaming\Etwok\NetSpot 3\PredictiveParameters\JsonVersions.json

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Program Files\NetSpot\NetSpot.exe
                                                                                                                                        File Type:JSON data
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):196
                                                                                                                                        Entropy (8bit):4.677433093706849
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3:PHChJZSSHmHcSs9kzF7qcOVvFFHCcZLFLHmHcSFoEzF7qcO94ovn:PH0JZS0YcSvFFOF/HxBYcS+aFFO94ov
                                                                                                                                        MD5:92A0467536F8FE69C9DACBF3E2D7B09D
                                                                                                                                        SHA1:BF76B98266B4CE334E6B2A9331D58BD9927CB31B
                                                                                                                                        SHA-256:624AEE5337D78990D5451411514FDCEA7C11450490B4D40F999193277CA82D78
                                                                                                                                        SHA-512:455B064E404B5F7A6D3F384822E5C3E3D969B9AFEC02212ECFABD5F4B0BA859204C99E305E1853598B15C25B1293DD28EF09C44026D59CD5C57369F57D68F72E
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:[..{.. "Name" : "WallMaterials.json",.. "JsonVersion" : 6,.. "AppVersionRequired" : "3.0"..},..{.. "Name" : "RouterModels.json",.. "JsonVersion" : 112,.. "AppVersionRequired" : "3.0"..}..]..

                                                                                                                                        C:\Users\user\AppData\Roaming\Etwok\NetSpot 3\Temp\Predictive\Storage.xml

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Program Files\NetSpot\NetSpot.exe
                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):837
                                                                                                                                        Entropy (8bit):5.321587616736184
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:24:Jdbjy22Z2c1vbmdRlKRVmf2DvrM52GDmOyTEs:3bjyFKdRcSGZOcEs
                                                                                                                                        MD5:6C1C836C666C47E8BAAF5F64EB777376
                                                                                                                                        SHA1:BB48BF6279A7727EACB7E5CCF351CD32D2F52556
                                                                                                                                        SHA-256:A0D59D0593B2E6DEEAA0638DE7B9943090D9C3EEE29C49A7A5CA0360AB99438A
                                                                                                                                        SHA-512:BD2BCFDE1E9834B08016853DF194963768D79226728494A4F618EEBCA4E8311DF838591B7EEB7B4429222640A6F35BDF9217E160DDF8BFEDBF3A101041DEF863
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Storage Version="1.0">.. <Project Name="Sample - Office Space" FilePath="*0" CreationTime="05/01/2023 14:37:40" ChangingTime="09/15/2023 11:40:22" LastOpeningTime="08/07/2023 07:56:11" IsFavorite="False" PreviewLayoutTypeSeed="33" SkippingWallMaterialVersion="0.0">.. <Zone Name="Small business office space" CreationTime="05/01/2023 14:37:40" ChangingTime="07/07/2023 13:28:23" MapGuid="0044ADDB-5BCD-4C5F-B523-034CC38155F6" PreviewImageFilePath="ZonePreviewImage_1_1.png">.. <Snapshot Name="Two access points" CreationTime="05/01/2023 14:37:40" ChangingTime="07/07/2023 13:28:23" AccessPointCount="2" />.. <Snapshot Name="Only one access point" CreationTime="05/01/2023 14:37:40" ChangingTime="05/02/2023 17:38:12" AccessPointCount="1" />.. </Zone>.. </Project>..</Storage>

                                                                                                                                        C:\Users\user\AppData\Roaming\Etwok\NetSpot 3\Temp\Predictive\ZonePreviewImage_1_1.png

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Program Files\NetSpot\NetSpot.exe
                                                                                                                                        File Type:PNG image data, 499 x 352, 8-bit/color RGBA, non-interlaced
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):29586
                                                                                                                                        Entropy (8bit):7.963812822763387
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:768:jNmgVFoXmKShe95sJQGVrsgxmqJMNy75nLG7otHqQ/c2m:5mgVFve95rg3JMNkqEtHqac2m
                                                                                                                                        MD5:1F5CFEC3E62D8A59EBB399B23E752F86
                                                                                                                                        SHA1:E6E7A7DADC4E03E9DC9D1E66A2552DCE72513CF3
                                                                                                                                        SHA-256:CCCC00942D630E3950C25508BC96D590D593B1A60747909028591345346288AA
                                                                                                                                        SHA-512:765AF2733E8F77D6CDC8A0C0D394BE39273562BD30526024B540F0FDBB73CE56FD5792819B2DEB5E7A62780948316C3521FB23C210F9941703E001DBBE059781
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:.PNG........IHDR.......`.............sRGB.........gAMA......a.....pHYs..........o.d..s'IDATx^...M....{.)3QD.*.L.y..T.!4.(E%.QQ."J...P.ge.......2O....=...q...x..~>....t.w.....k']2 A..A..ds).. .B."b... .q... .. .9". ...... .B.#b... .q... .. .9". ...... .B.#b... .q..s...2m.4:r...>}.:t.@g..,Y.P.|..#.A..G.\."..........R..Q..Dy.J.jD%K.C.D..A..q..B.1.z[...>BT.*Q.\D..$...u3.7y...uD./.3g..A.<#b..Q.T..D.+.5mA..Q.g..~N...C.s..7..&.y.... ...1..X...D.?D4.#.!o..?..z.V....~..A.C.\.b.2...BT...#.(.....A.....B,...Q.ND.N%Z....~D.O..]..T...B<P.0..]...!J:z..^.h...!..1..x!cF.....6d.{....;.AHtD..!.@...z=Jt.Q..DF.\..z.u.#.....#.FA....sA.W.....2..D..77.......B<...D..S......AHDD..!.At....O.#?.dn..!..1..x...4mAy.... .B.!b..N..._|N..m57...H.........u^x..s. ..... 8..:..j..x....S.u~SEJB.wA....sAp...R..7..A....sAp...&Z..H&a...B.\...\.%K.?....AH.D...iT.N.6.7+. $."..4.,L.OH.vAH$.....8.h.8.d....bVb...+. ...s!11.|P.k..5.=..A...\..........QT.fMsk..m?Q....uGsC.8..</3d.H...,b..

                                                                                                                                        C:\Users\user\AppData\Roaming\Etwok\NetSpot 3\Temp\Survey\Storage.xml

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Program Files\NetSpot\NetSpot.exe
                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):2677
                                                                                                                                        Entropy (8bit):5.30290666853774
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:3bjyOQRnz+sAcRigro1sbkjbRdYxYy9E9RwFqWFE1uRdv8Prev8gu0s:rjyOqiIigdbYlNlFERSma
                                                                                                                                        MD5:E4BAF795E91DB5810190526BC2FFFB7B
                                                                                                                                        SHA1:131C39331963B11924177E2B001C50B60BE4A4A9
                                                                                                                                        SHA-256:D8CD4D9C91BEE9CD47D0623A5FC15B799E8309B81A15E11D93954A62B86E04CF
                                                                                                                                        SHA-512:DA3EC068A56D3926C58B739776F675355F341AFE29B2EFED05332F0F2CBFB0C0F1FD84F00B7AC09ABCBF3AA7384D8F49EC5C7A5A0C4C560CF6362CC42C895322
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Storage Version="1.0">.. <Project Name="Sample - Detached Home" Description="Contemporary detached home" FilePath="*0" CreationTime="07/20/2023 10:42:08" ChangingTime="07/26/2023 11:36:36" LastOpeningTime="07/26/2023 14:40:32" IsFavorite="False" PreviewLayoutTypeSeed="10">.. <Zone Name="Ground Floor - Indoor &amp; surround" CreationTime="07/20/2023 10:46:38" ChangingTime="07/20/2023 14:39:00" MapGuid="43E265FD-6B55-4CAB-A250-8CCD40E19071" PreviewImageFilePath="ZonePreviewImage_1_1.png">.. <Snapshot Name="OK, but needs extra mesh unit" CreationTime="07/20/2023 10:46:38" ChangingTime="07/20/2023 14:39:00" BeginTime="07/20/2023 10:46:38" EndTime="07/20/2023 14:39:00" DataPointCount="84" />.. </Zone>.. <Zone Name="First Floor - Family area" Description="second floor" CreationTime="07/20/2023 19:35:26" ChangingTime="07/21/2023 08:25:20" MapGuid="1E83A47E-5D36-430D-88C9-2E6F9E53B361" PreviewImageFilePath="ZonePreviewImage_1_2.png">..

                                                                                                                                        C:\Users\user\AppData\Roaming\Etwok\NetSpot 3\Temp\Survey\ZonePreviewImage_1_1.png

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Program Files\NetSpot\NetSpot.exe
                                                                                                                                        File Type:PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):33403
                                                                                                                                        Entropy (8bit):7.94515882901847
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:768:xfEVPUNh87T7wdw7YVW+xenh2TppakLHwG7UbaeoDheSY:ZNhgnb1XaL1yaw
                                                                                                                                        MD5:B3F95E4AB6E8A4B9508A45398DAD78BC
                                                                                                                                        SHA1:0E4CF94DBCA5B7F73A44B74BD79E9BFBD10B1ACC
                                                                                                                                        SHA-256:13A9F4BFB3897DF77B656C0B0683A9660FA9999D076EED656B96371DFD5A52B8
                                                                                                                                        SHA-512:0956D48A5FB830AD3B83F842CC7959D86FD4ABEE0FA23740292EF475CDC0910FB72879134E8E951DD2CFA43C5EE3C4F37A94178DF6A007CF665B70A245ACE009
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:.PNG........IHDR....................sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....E.......A@...Q.%.:(....SQ.AP...Fh.B(...].(X.^BB.....Q:iW.....ys..e.n...|....;...3..c..B.!.4...B.!.0.t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B..

                                                                                                                                        C:\Users\user\AppData\Roaming\Etwok\NetSpot 3\Temp\Survey\ZonePreviewImage_1_2.png

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Program Files\NetSpot\NetSpot.exe
                                                                                                                                        File Type:PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):36259
                                                                                                                                        Entropy (8bit):7.9462689367085995
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:768:lvqMdt0eiaGuVXxxIFC2c5ykYByYyDOcthd5kexk:ljEM7VXxxIotn+yYhcd5keO
                                                                                                                                        MD5:69662C34BE361A62978BE552043D97FF
                                                                                                                                        SHA1:98810164534FE0C084C965447AF6833F74F019F0
                                                                                                                                        SHA-256:DE9A4CBFE63F5A33FC32893628A3417E9B0FC5DEF3A965A3C278AED9C48FE99C
                                                                                                                                        SHA-512:E98170C79737517FDA4C5EA792091CEC7D25C6199AB56D6BB57E12FFD2A20ECC198095A69DBA8689DD3935F74B3B3CF9823568BB729D7203DEA73AEA94E7CF7B
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:.PNG........IHDR....................sRGB.........gAMA......a.....pHYs..........o.d...8IDATx^...\E........ ..P..K ._PQ.Q.(..... .P........EAZ..E@....K....}...w.W..{.~....M.....6...!..bL....!..b.#A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!....t!..".H..B.. A.B.!B..].!..

                                                                                                                                        C:\Users\user\AppData\Roaming\Etwok\NetSpot 3\Temp\Survey\ZonePreviewImage_2_1.png

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Program Files\NetSpot\NetSpot.exe
                                                                                                                                        File Type:PNG image data, 500 x 417, 8-bit/color RGBA, non-interlaced
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):47147
                                                                                                                                        Entropy (8bit):7.953133548050001
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:768:c4plMnbW/I4iYPG0YU8HgZ2QnAig+y+47z1OqOo8Rr5Ek03j6XnpixDyTYL3lNfX:c4pWbW/I72tugt/Ty+47z1gEk0z6Xk8Y
                                                                                                                                        MD5:1F6AAA83FF75ACA961C4074D51A9562B
                                                                                                                                        SHA1:B2CC67778D2E7950C5241D74B459AA7D6B000487
                                                                                                                                        SHA-256:AEEA8E8D37BC5EAE1DB95FDBC1DE5B9E7E495C4DF2E87B1185B637ED3D243365
                                                                                                                                        SHA-512:E60E380A40CDB80E4D58D76199B262FAC7D859948F87BC49BF1010CE15F09363221AB5CE19FD51769F3765840240DD15AACF547D9785E23571A13629588F87F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:.PNG........IHDR...............F.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.....Uy...9191.k.........{....QPT,..{/...b....(b..co..-..[L;.}.,...b..{f..{.......g=.=..........(..Xh..cQ.EQ..L)..(..X.J..EQ...P..(..(..R.EQ.E...B/..(.%..zQ.EQ,....(.b.(.^.EQ.K@)..(..X.J..EQ...P..(..(..R.EQ.E...B/..(.%..zQ.EQ,....(.b.(.^.EQ.K@)..(..X.J..EQ...P..(..(..R.EQ.E...B/..(.%..zQ.EQ,....(.b.(.^.EQ.K@)..(..X.J..EQ...P..(..(..R.EQ.E...B/..(.%..zQ.EQ,....(.b.(.^.EQ.K@)..(..X.J..EQ...P..(..(..R.EQ.E...B/..(.%......(.bj.........W;....^..^.......=.sp..wc'..............|{.a,.YR5..(.M.......~..A...P.w..]......JW.R.......v........}.....G.{.}.k.O.......=...O........=...<........nQ..UC/.bC...........?..?......g9.Y....6......ny.[..9...o}.......&eNQ?.............[...._.._...~.......w.k....;..~.R{...8.......z......J..E.a.;..U.z...F.zj.o|....x.+......US~...7x....j.....N[)D....x...]..Q..........7.K^.....P..(.......~v..{6...;..'&.Fi.}.....s?.fE....|..".b....(6.fo...s

                                                                                                                                        C:\Users\user\AppData\Roaming\Etwok\NetSpot 3\Temp\Survey\ZonePreviewImage_2_2.png

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Program Files\NetSpot\NetSpot.exe
                                                                                                                                        File Type:PNG image data, 500 x 379, 8-bit/color RGBA, non-interlaced
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):41863
                                                                                                                                        Entropy (8bit):7.9509014637592585
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:768:XD7Na8GyXB+PTGqp9ZiUtE013r1J5IwnASUPEGDXcuqAOpzJAyJO/sjH/c/f:XDkjykKqpbEa7Sw7WXmrfAyM/s7/C
                                                                                                                                        MD5:158CB7F0F0AE2D10408FB60B1240C03F
                                                                                                                                        SHA1:4B6CB64EA4070F1136158684AE1C418CA4A0EAE2
                                                                                                                                        SHA-256:79817406D608A7E32C9D77F402183849A7E5C4A494E471C84FB0521CCFBB3614
                                                                                                                                        SHA-512:513CD1F5B1AFEF3CBE8270BC3333E0DF36A1451D7DE47AA8D5C153F6DA9AC2D178CE483F1A113F3D61E4217DF91CF1FBF2205375BBFC96CD2F50D6991265B6F9
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:.PNG........IHDR.......{.....$0y.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....4E.....g8..".......(.@E%....fP.DD..".N.H..J.....8PL`..<.T.........o..........}.U..........\..>A+I.$I..f..m.$I.$#L.z.$I...).I.$I2...'I.$.....$I.$c@.z.$I...).I.$I2...'I.$.....$I.$c@.z.$I...).I.$I2...'I.$.....$I.$c@.z.$I...).I.$I2...'I.$.....$I.$c@.z.$I...).I.$I2...'I.$.....$}...o..i.......O.$..)..X..b..2..?....w....[nJ....A^+I......=.......;.g?M.7.~.....W.RD=.c;.sk.e...C.G..0&I2.,3.Qg6=.[..>..C[+..R....w..A........g.}Z..v[.f.0......?.u.......N.. ...Z;.ck.u..I.d.IAO...7.T.%.w..]'...s......]...e.]Z.m.Qk..n..nw+%v...UW].....pJ.#..@.\{..W..I.d.IAO...8....d).....d.."\....[k...m.$..`S.$Y ..t..o\.u.3... ..$.x.....D..!^......s!.4.c!.$IoIAO.....u.x.t.'I.......1.+..QJq.33.vf~.d.HAO...>..*.<.......O.L...v.i.cz.'I2:..'cCt|k....Qb.,...h..P.$.C.z26.p.....$..I..".=I.$I...d...c?Y.B..O..?....=.D=Mfp.d.._....j..~.{K...c.=Z....\zn......^..&..@.uj_O.d.HAO.v..Z.0..7...I.

                                                                                                                                        C:\Users\user\AppData\Roaming\Etwok\NetSpot 3\Temp\Survey\ZonePreviewImage_2_3.png

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Program Files\NetSpot\NetSpot.exe
                                                                                                                                        File Type:PNG image data, 499 x 414, 8-bit/color RGBA, non-interlaced
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):47069
                                                                                                                                        Entropy (8bit):7.949685147301655
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:768:0234DzWeFtvnxTmhXIBywJSrtEF4XXCePB0tSWEcaW0t9ikwPOZPJWk:6llogOEqXXCiOtHiW0JYw
                                                                                                                                        MD5:7D5685B7A1289267370C015E708B5B41
                                                                                                                                        SHA1:39A832485935B5E49F5F35747E475A18F019D01A
                                                                                                                                        SHA-256:016543AA2C720050F6450D7FDFAC4CB41E1CA5427CDBA22D1DA8A021C5C109C5
                                                                                                                                        SHA-512:5496F975020E268CE09A1D68A82480C4EDE635B935ADE510C6ACF11E2F4255097599DDEDEC180B3FB2798EBDCA463987B007B9B7090D9B3DBBFF4F204DC2293F
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:.PNG........IHDR..............e......sRGB.........gAMA......a.....pHYs..........o.d...rIDATx^....D....9..{.&.H..WA. U...D......K....E....;..?..{.%..z.${...%y.u_.\If..Lffe&..[_.$.. ........A..A..0.A..APs..A..A..c..A..5'.y..A..0.A..APs..A..A..c..A..5'.y..A..0.A..APs..A..A..c..A..5'.y.4.....?..O"......A..U!.y......o....l?...*.1...4......g..../3..{......c...K......1....8c.w.u..#..&.t...O?.e...<..~..<..d..b.w.q.....y..{..^6..f..?..n.i. ..M.. ..?..fD~...g.~.a6.Xce.<.H6..sd.O>y..'....t{..A....N(z.`..7......o......N..z.-3.......3O.../go..f...~....1R......<..`x...?....H{.=..N?...7.0C..........+.x...:~q_..A...y0,I.=...x{....=.P3..M4Q...;.-......g.>.l..s.e.L0....=..^..<..P.1.2...rH......G.m4....0..h....=[n..,....>...\..A..i.`X.2..n....>..O?m...!.a.....;[j...3.<3[d.E.-w^..1W.A...&.y0...b..V.q>....SO=5../.I&.......`D...Kdg.}v....d._....>.Sf.}....xrA...".y0,a...=..3.o...'.x.^........(.t.M...k...?.i#..n.\r.l...j..e...@..A..g.....2..O.0.Y.f.....F..

                                                                                                                                        Static File Info

                                                                                                                                        General

                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                        Entropy (8bit):7.99915072355077
                                                                                                                                        TrID:
                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 98.45%
                                                                                                                                        • Inno Setup installer (109748/4) 1.08%
                                                                                                                                        • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                                                                                                                                        • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                        File name:NetSpot.exe
                                                                                                                                        File size:83'966'680 bytes
                                                                                                                                        MD5:8ce5f5b39cd7ab4a9b227068d3f3b12a
                                                                                                                                        SHA1:7559b2c5c2d1bfad6b22107caed801e456a152b4
                                                                                                                                        SHA256:758c7a88d4c1b5332ad90ad057858bf67d9846400913c1c1a2bd52f187482e28
                                                                                                                                        SHA512:369aa40282e0d097fc551b6bfb78a0193f4f54c5622ce24ca39ecade6ff2f18a5836faceb2004d89b84acae03ffd9641766eb88d1b4faf4d5e922d56422d1b0e
                                                                                                                                        SSDEEP:1572864:AZUu4xhJmUsFNPsmItetYNWYbYoOUobwwQTQXpOGAVWAXFAJCYsXp8luS4J9lPZI:CUu8PxKP3lt+WYDwb1HYGAVWAX20+lu6
                                                                                                                                        TLSH:1708333FB318603FD49687B218B3F6A449BB7E4479094C2E1BF13868DF761252E27949
                                                                                                                                        File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

                                                                                                                                        File Icon

                                                                                                                                        Icon Hash:49717170b2844a43

                                                                                                                                        Static PE Info

                                                                                                                                        General

                                                                                                                                        Entrypoint:0x4b5eec
                                                                                                                                        Entrypoint Section:.itext
                                                                                                                                        Digitally signed:true
                                                                                                                                        Imagebase:0x400000
                                                                                                                                        Subsystem:windows gui
                                                                                                                                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                        Time Stamp:0x60B88E27 [Thu Jun 3 08:09:11 2021 UTC]
                                                                                                                                        TLS Callbacks:
                                                                                                                                        CLR (.Net) Version:
                                                                                                                                        OS Version Major:6
                                                                                                                                        OS Version Minor:1
                                                                                                                                        File Version Major:6
                                                                                                                                        File Version Minor:1
                                                                                                                                        Subsystem Version Major:6
                                                                                                                                        Subsystem Version Minor:1
                                                                                                                                        Import Hash:5a594319a0d69dbc452e748bcf05892e

                                                                                                                                        Authenticode Signature

                                                                                                                                        Signature Valid:true
                                                                                                                                        Signature Issuer:CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
                                                                                                                                        Signature Validation Error:The operation completed successfully
                                                                                                                                        Error Number:0
                                                                                                                                        Not Before, Not After
                                                                                                                                        • 13/03/2023 00:00:00 12/03/2026 23:59:59
                                                                                                                                        Subject Chain
                                                                                                                                        • CN=Etwok Inc, O=Etwok Inc, S=Delaware, C=US
                                                                                                                                        Version:3
                                                                                                                                        Thumbprint MD5:907E6EE508FBE742FAB9151158088B2F
                                                                                                                                        Thumbprint SHA-1:0CE8A20586E6680C6AC3F0E793D8E136EF7E1A98
                                                                                                                                        Thumbprint SHA-256:4B6EF51D486E2D14DA53FA640A700E4D78EEDF176164EEEEE4D5CEE02CAF6D1E
                                                                                                                                        Serial:00C6EB692334335F8C1CC6AC6679C52343

                                                                                                                                        Entrypoint Preview

                                                                                                                                        Instruction
                                                                                                                                        push ebp
                                                                                                                                        mov ebp, esp
                                                                                                                                        add esp, FFFFFFA4h
                                                                                                                                        push ebx
                                                                                                                                        push esi
                                                                                                                                        push edi
                                                                                                                                        xor eax, eax
                                                                                                                                        mov dword ptr [ebp-3Ch], eax
                                                                                                                                        mov dword ptr [ebp-40h], eax
                                                                                                                                        mov dword ptr [ebp-5Ch], eax
                                                                                                                                        mov dword ptr [ebp-30h], eax
                                                                                                                                        mov dword ptr [ebp-38h], eax
                                                                                                                                        mov dword ptr [ebp-34h], eax
                                                                                                                                        mov dword ptr [ebp-2Ch], eax
                                                                                                                                        mov dword ptr [ebp-28h], eax
                                                                                                                                        mov dword ptr [ebp-14h], eax
                                                                                                                                        mov eax, 004B10F0h
                                                                                                                                        call 00007F46BD1BBC55h
                                                                                                                                        xor eax, eax
                                                                                                                                        push ebp
                                                                                                                                        push 004B65E2h
                                                                                                                                        push dword ptr fs:[eax]
                                                                                                                                        mov dword ptr fs:[eax], esp
                                                                                                                                        xor edx, edx
                                                                                                                                        push ebp
                                                                                                                                        push 004B659Eh
                                                                                                                                        push dword ptr fs:[edx]
                                                                                                                                        mov dword ptr fs:[edx], esp
                                                                                                                                        mov eax, dword ptr [004BE634h]
                                                                                                                                        call 00007F46BD25E37Fh
                                                                                                                                        call 00007F46BD25DED2h
                                                                                                                                        lea edx, dword ptr [ebp-14h]
                                                                                                                                        xor eax, eax
                                                                                                                                        call 00007F46BD1D16C8h
                                                                                                                                        mov edx, dword ptr [ebp-14h]
                                                                                                                                        mov eax, 004C1D84h
                                                                                                                                        call 00007F46BD1B6847h
                                                                                                                                        push 00000002h
                                                                                                                                        push 00000000h
                                                                                                                                        push 00000001h
                                                                                                                                        mov ecx, dword ptr [004C1D84h]
                                                                                                                                        mov dl, 01h
                                                                                                                                        mov eax, dword ptr [004237A4h]
                                                                                                                                        call 00007F46BD1D272Fh
                                                                                                                                        mov dword ptr [004C1D88h], eax
                                                                                                                                        xor edx, edx
                                                                                                                                        push ebp
                                                                                                                                        push 004B654Ah
                                                                                                                                        push dword ptr fs:[edx]
                                                                                                                                        mov dword ptr fs:[edx], esp
                                                                                                                                        call 00007F46BD25E407h
                                                                                                                                        mov dword ptr [004C1D90h], eax
                                                                                                                                        mov eax, dword ptr [004C1D90h]
                                                                                                                                        cmp dword ptr [eax+0Ch], 01h
                                                                                                                                        jne 00007F46BD2649EAh
                                                                                                                                        mov eax, dword ptr [004C1D90h]
                                                                                                                                        mov edx, 00000028h
                                                                                                                                        call 00007F46BD1D3024h
                                                                                                                                        mov edx, dword ptr [004C1D90h]

                                                                                                                                        Data Directories

                                                                                                                                        NameVirtual AddressVirtual Size Is in Section
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0xc40000x9a.edata
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0xc20000xf36.idata
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0xc70000x27b70.rsrc
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x5010e180x2cc0
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_TLS0xc60000x18.rdata
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_IAT0xc22e40x244.idata
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0xc30000x1a4.didata
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                        Sections

                                                                                                                                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                        .text0x10000xb361c0xb3800ad6e46e3a3acdb533eb6a077f6d065afFalse0.3448639341051532data6.356058204328091IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                        .itext0xb50000x16880x1800d40fc822339d01f2abcc5493ac101c94False0.544921875data5.972750055221053IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                        .data0xb70000x37a40x38004c195d5591f6d61265df08a3733de3a2False0.36097935267857145data5.044400562007734IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                        .bss0xbb0000x6de80x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                        .idata0xc20000xf360x1000a73d686f1e8b9bb06ec767721135e397False0.3681640625data4.8987046479600425IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                        .didata0xc30000x1a40x20041b8ce23dd243d14beebc71771885c89False0.345703125data2.7563628682496506IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                        .edata0xc40000x9a0x20037c1a5c63717831863e018c0f51dabb7False0.2578125data1.8722228665884297IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                        .tls0xc50000x180x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                        .rdata0xc60000x5d0x2008f2f090acd9622c88a6a852e72f94e96False0.189453125data1.3838943752217987IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                        .rsrc0xc70000x27b700x27c00f88d3d1492537e608b4faed0ea195b30False0.49387038128930816data6.501986189866485IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                        Resources

                                                                                                                                        NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                        RT_ICON0xc75280xc1cePNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9992340871528198
                                                                                                                                        RT_ICON0xd36f80x10828Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 2835 x 2835 px/mEnglishUnited States0.22811427895421743
                                                                                                                                        RT_ICON0xe3f200x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2835 x 2835 px/mEnglishUnited States0.30272791686348605
                                                                                                                                        RT_ICON0xe81480x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/mEnglishUnited States0.35943983402489627
                                                                                                                                        RT_ICON0xea6f00x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/mEnglishUnited States0.4174484052532833
                                                                                                                                        RT_ICON0xeb7980x468Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2835 x 2835 px/mEnglishUnited States0.6037234042553191
                                                                                                                                        RT_STRING0xebc000x360data0.34375
                                                                                                                                        RT_STRING0xebf600x260data0.3256578947368421
                                                                                                                                        RT_STRING0xec1c00x45cdata0.4068100358422939
                                                                                                                                        RT_STRING0xec61c0x40cdata0.3754826254826255
                                                                                                                                        RT_STRING0xeca280x2d4data0.39226519337016574
                                                                                                                                        RT_STRING0xeccfc0xb8data0.6467391304347826
                                                                                                                                        RT_STRING0xecdb40x9cdata0.6410256410256411
                                                                                                                                        RT_STRING0xece500x374data0.4230769230769231
                                                                                                                                        RT_STRING0xed1c40x398data0.3358695652173913
                                                                                                                                        RT_STRING0xed55c0x368data0.3795871559633027
                                                                                                                                        RT_STRING0xed8c40x2a4data0.4275147928994083
                                                                                                                                        RT_RCDATA0xedb680x10data1.5
                                                                                                                                        RT_RCDATA0xedb780x2c4data0.6384180790960452
                                                                                                                                        RT_RCDATA0xede3c0x2cdata1.2045454545454546
                                                                                                                                        RT_GROUP_ICON0xede680x5adataEnglishUnited States0.7666666666666667
                                                                                                                                        RT_VERSION0xedec40x584dataEnglishUnited States0.2868271954674221
                                                                                                                                        RT_MANIFEST0xee4480x726XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.4005464480874317

                                                                                                                                        Imports

                                                                                                                                        DLLImport
                                                                                                                                        kernel32.dllGetACP, GetExitCodeProcess, LocalFree, CloseHandle, SizeofResource, VirtualProtect, VirtualFree, GetFullPathNameW, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVersion, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale
                                                                                                                                        comctl32.dllInitCommonControls
                                                                                                                                        version.dllGetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
                                                                                                                                        user32.dllCreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharUpperBuffW, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW
                                                                                                                                        oleaut32.dllSysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate
                                                                                                                                        netapi32.dllNetWkstaGetInfo, NetApiBufferFree
                                                                                                                                        advapi32.dllRegQueryValueExW, AdjustTokenPrivileges, LookupPrivilegeValueW, RegCloseKey, OpenProcessToken, RegOpenKeyExW

                                                                                                                                        Exports

                                                                                                                                        NameOrdinalAddress
                                                                                                                                        TMethodImplementationIntercept30x454060
                                                                                                                                        __dbk_fcall_wrapper20x40d0a0
                                                                                                                                        dbkFCallWrapperAddr10x4be63c

                                                                                                                                        Possible Origin

                                                                                                                                        Language of compilation systemCountry where language is spokenMap
                                                                                                                                        EnglishUnited States

                                                                                                                                        Network Behavior

                                                                                                                                        Network Port Distribution

                                                                                                                                        TCP Packets

                                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                                        Sep 30, 2024 14:18:09.975188971 CEST49740443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:09.975265026 CEST4434974066.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:09.977674961 CEST49740443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:10.005500078 CEST49740443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:10.005539894 CEST4434974066.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:10.581070900 CEST4434974066.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:10.581171036 CEST49740443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:10.610347986 CEST49740443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:10.610400915 CEST4434974066.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:10.610624075 CEST4434974066.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:10.651495934 CEST49740443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:10.700428009 CEST49740443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:10.747406960 CEST4434974066.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:10.799880981 CEST4434974066.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:10.799952030 CEST4434974066.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:10.800017118 CEST49740443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:10.803457975 CEST49740443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:13.546092987 CEST49743443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:13.546164989 CEST4434974366.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:13.546200991 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:13.546250105 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:13.546255112 CEST49743443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:13.546300888 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:13.546566010 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:13.546576977 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:13.546580076 CEST49743443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:13.546595097 CEST4434974366.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:13.553814888 CEST49745443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:13.553849936 CEST4434974566.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:13.553915977 CEST49745443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:13.554213047 CEST49745443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:13.554225922 CEST4434974566.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.103562117 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.109743118 CEST4434974566.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.109843016 CEST49745443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.112827063 CEST49745443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.112870932 CEST4434974566.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.113193035 CEST4434974566.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.114531040 CEST49745443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.114944935 CEST49745443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.114981890 CEST4434974566.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.122318029 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.122340918 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.133862972 CEST4434974366.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.146342993 CEST49743443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.146379948 CEST4434974366.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.223562956 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.223618984 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.223670006 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.223691940 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.223705053 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.223711014 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.223762989 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.223769903 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.248071909 CEST4434974366.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.248090982 CEST4434974366.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.248142958 CEST4434974366.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.248169899 CEST49743443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.248197079 CEST49743443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.248609066 CEST49743443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.266125917 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.305552006 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.305607080 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.305699110 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.305710077 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.305742979 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.305757999 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.307862043 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.307909012 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.307941914 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.307948112 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.307971954 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.307981968 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.390532017 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.390558958 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.390678883 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.390696049 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.390737057 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.391845942 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.391866922 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.391921997 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.391930103 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.391967058 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.392913103 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.392931938 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.392967939 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.392972946 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.392995119 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.393016100 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.394527912 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.394546032 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.394629002 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.394635916 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.394675016 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.476968050 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.476993084 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.477111101 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.477128983 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.477179050 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.477552891 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.477574110 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.477624893 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.477636099 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.477663040 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.477670908 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.477768898 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.478044987 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.478064060 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.478116035 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.478122950 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.478163004 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.478857994 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.478876114 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.478914022 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.478919029 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.478945017 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.478956938 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.479783058 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.479800940 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.479840040 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.479846001 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.479862928 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.479882002 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.480583906 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.480602026 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.480654001 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.480658054 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.480695963 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.481575966 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.481596947 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.481643915 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.481651068 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.481689930 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.482450008 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.482469082 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.482505083 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.482510090 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.482537031 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.482553005 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.522459984 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.522480011 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.522526979 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.522533894 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.522557020 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.522566080 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.563447952 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.563467026 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.563527107 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.563532114 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.563565969 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.563585043 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.563676119 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.563694954 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.563740969 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.563745975 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.563771009 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.563791990 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.563960075 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.563978910 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.564027071 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.564032078 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.564047098 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.564069986 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.566498041 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.566591024 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:14.566632986 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.637394905 CEST49744443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:14.637418985 CEST4434974466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:15.152424097 CEST4434974566.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:15.152448893 CEST4434974566.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:15.152512074 CEST4434974566.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:15.152563095 CEST49745443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:15.152734995 CEST49745443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:15.155956984 CEST49745443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:15.156001091 CEST4434974566.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:15.156030893 CEST49745443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:18:15.156045914 CEST4434974566.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:37.786784887 CEST49750443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:37.786843061 CEST4434975066.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:37.786947966 CEST49750443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:37.787561893 CEST49750443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:37.787579060 CEST4434975066.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:38.360347986 CEST4434975066.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:38.360420942 CEST49750443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:38.361991882 CEST49750443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:38.362006903 CEST4434975066.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:38.362333059 CEST4434975066.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:38.363157034 CEST49750443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:38.363269091 CEST49750443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:38.363297939 CEST4434975066.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:39.664907932 CEST4434975066.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:39.664949894 CEST4434975066.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:39.665033102 CEST4434975066.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:39.665054083 CEST49750443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:39.665162086 CEST49750443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:39.665361881 CEST49750443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:39.665361881 CEST49750443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:39.665378094 CEST4434975066.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:39.665386915 CEST4434975066.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:39.670041084 CEST49751443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:39.670074940 CEST4434975166.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:39.670187950 CEST49751443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:39.671504021 CEST49751443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:39.671523094 CEST4434975166.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:40.380331993 CEST4434975166.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:40.380408049 CEST49751443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:40.382009029 CEST49751443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:40.382014990 CEST4434975166.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:40.382239103 CEST4434975166.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:40.383016109 CEST49751443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:40.383136988 CEST49751443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:40.383157969 CEST4434975166.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:40.688677073 CEST4434975166.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:40.688697100 CEST4434975166.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:40.688756943 CEST4434975166.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:40.688760996 CEST49751443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:40.688846111 CEST49751443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:40.689116001 CEST49751443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:40.689141035 CEST4434975166.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:40.689167976 CEST49751443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:40.689174891 CEST4434975166.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:43.125804901 CEST49752443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:43.125863075 CEST4434975266.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:43.126054049 CEST49752443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:43.130600929 CEST49752443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:43.130616903 CEST4434975266.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:43.727658987 CEST4434975266.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:43.727771044 CEST49752443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:43.729125977 CEST49752443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:43.729136944 CEST4434975266.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:43.729906082 CEST4434975266.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:43.730766058 CEST49752443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:43.730842113 CEST49752443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:43.730921030 CEST4434975266.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:44.021708965 CEST4434975266.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:44.021766901 CEST4434975266.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:44.021919012 CEST4434975266.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:44.021920919 CEST49752443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:44.022049904 CEST49752443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:44.022173882 CEST49752443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:44.022173882 CEST49752443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:44.022195101 CEST4434975266.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:44.022205114 CEST4434975266.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:49.062426090 CEST49753443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:49.062527895 CEST4434975366.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:49.062632084 CEST49753443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:49.062966108 CEST49753443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:49.062995911 CEST4434975366.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:49.636136055 CEST4434975366.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:49.636245012 CEST49753443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:49.637547970 CEST49753443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:49.637566090 CEST4434975366.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:49.638345003 CEST4434975366.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:49.639168978 CEST49753443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:49.639313936 CEST49753443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:49.639458895 CEST4434975366.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:50.713295937 CEST4434975366.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:50.713370085 CEST4434975366.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:50.713479042 CEST49753443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:50.713512897 CEST4434975366.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:50.713588953 CEST4434975366.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:50.714250088 CEST49753443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:50.714581966 CEST49753443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:50.714581966 CEST49753443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:50.714613914 CEST4434975366.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:50.714624882 CEST4434975366.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:57.344173908 CEST49754443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:57.344221115 CEST4434975466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:57.344288111 CEST49754443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:57.344734907 CEST49754443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:57.344744921 CEST4434975466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:57.906156063 CEST4434975466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:57.906235933 CEST49754443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:57.918036938 CEST49754443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:57.918056965 CEST4434975466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:57.918322086 CEST4434975466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:57.919681072 CEST49754443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:57.919770002 CEST49754443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:57.919783115 CEST4434975466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:58.204199076 CEST4434975466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:58.204226971 CEST4434975466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:58.204283953 CEST49754443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:58.204298019 CEST4434975466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:58.204317093 CEST4434975466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:58.204356909 CEST49754443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:58.204657078 CEST49754443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:58.204670906 CEST4434975466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:19:58.204701900 CEST49754443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:19:58.204706907 CEST4434975466.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:01.267982006 CEST49755443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:01.268023968 CEST4434975566.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:01.268239021 CEST49755443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:01.269890070 CEST49755443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:01.269908905 CEST4434975566.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:01.865802050 CEST4434975566.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:01.865885019 CEST49755443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:01.867368937 CEST49755443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:01.867381096 CEST4434975566.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:01.868187904 CEST4434975566.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:01.868962049 CEST49755443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:01.869112968 CEST49755443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:01.869184017 CEST4434975566.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:02.158657074 CEST4434975566.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:02.158704042 CEST4434975566.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:02.158782005 CEST49755443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:02.158797979 CEST4434975566.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:02.158843994 CEST4434975566.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:02.158925056 CEST49755443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:02.159254074 CEST49755443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:02.159254074 CEST49755443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:02.159272909 CEST4434975566.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:02.159281969 CEST4434975566.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:32.434539080 CEST49756443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:32.434621096 CEST4434975666.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:32.434695005 CEST49756443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:32.435157061 CEST49756443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:32.435174942 CEST4434975666.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:32.991188049 CEST4434975666.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:32.991266966 CEST49756443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:32.992743969 CEST49756443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:32.992757082 CEST4434975666.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:32.992990017 CEST4434975666.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:32.994010925 CEST49756443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:32.994122028 CEST49756443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:32.994146109 CEST4434975666.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:33.326220036 CEST4434975666.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:33.326276064 CEST4434975666.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:33.326436996 CEST4434975666.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:33.326451063 CEST49756443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:33.331743002 CEST49756443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:33.331860065 CEST49756443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:33.331860065 CEST49756443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:33.331888914 CEST4434975666.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:33.331899881 CEST4434975666.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:36.590734005 CEST49757443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:36.590794086 CEST4434975766.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:36.590867996 CEST49757443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:36.591320038 CEST49757443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:36.591332912 CEST4434975766.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:37.179450989 CEST4434975766.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:37.179519892 CEST49757443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:37.181158066 CEST49757443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:37.181169987 CEST4434975766.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:37.181408882 CEST4434975766.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:37.218126059 CEST49757443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:37.218311071 CEST49757443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:37.218395948 CEST4434975766.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:38.175638914 CEST4434975766.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:38.175662994 CEST4434975766.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:38.175730944 CEST4434975766.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:38.175765991 CEST49757443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:38.175929070 CEST49757443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:38.176088095 CEST49757443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:38.176105976 CEST4434975766.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:38.176137924 CEST49757443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:38.176142931 CEST4434975766.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:41.106107950 CEST49758443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:41.106165886 CEST4434975866.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:41.106220961 CEST49758443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:41.106638908 CEST49758443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:41.106648922 CEST4434975866.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:41.664722919 CEST4434975866.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:41.664880037 CEST49758443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:41.667643070 CEST49758443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:41.667654037 CEST4434975866.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:41.667890072 CEST4434975866.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:41.668735981 CEST49758443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:41.671638012 CEST49758443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:41.671659946 CEST4434975866.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:41.944124937 CEST4434975866.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:41.944153070 CEST4434975866.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:41.944228888 CEST4434975866.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:41.944226027 CEST49758443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:41.944446087 CEST49758443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:41.944605112 CEST49758443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:41.944629908 CEST4434975866.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:41.944648027 CEST49758443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:41.944655895 CEST4434975866.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:51.873677969 CEST49759443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:51.873776913 CEST4434975966.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:51.877815962 CEST49759443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:51.881998062 CEST49759443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:51.882035971 CEST4434975966.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:52.451255083 CEST4434975966.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:52.451318979 CEST49759443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:52.453212023 CEST49759443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:52.453224897 CEST4434975966.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:52.453505039 CEST4434975966.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:52.454256058 CEST49759443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:52.454449892 CEST49759443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:52.454482079 CEST4434975966.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:53.556233883 CEST4434975966.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:53.556266069 CEST4434975966.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:53.556334972 CEST4434975966.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:53.556365967 CEST49759443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:53.556592941 CEST49759443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:53.559160948 CEST49759443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:53.559185028 CEST4434975966.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:53.559258938 CEST49759443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:53.559267044 CEST4434975966.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:56.808917999 CEST49760443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:56.809017897 CEST4434976066.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:56.809103012 CEST49760443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:56.809530020 CEST49760443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:56.809562922 CEST4434976066.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:57.390836954 CEST4434976066.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:57.390914917 CEST49760443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:57.392596006 CEST49760443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:57.392610073 CEST4434976066.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:57.393049955 CEST4434976066.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:57.393795967 CEST49760443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:57.393937111 CEST49760443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:57.393965960 CEST4434976066.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:57.705773115 CEST4434976066.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:57.705796003 CEST4434976066.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:57.705862045 CEST49760443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:57.705863953 CEST4434976066.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:57.705909014 CEST49760443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:57.706170082 CEST49760443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:57.706178904 CEST4434976066.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:20:57.706228971 CEST49760443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:20:57.706235886 CEST4434976066.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:21:24.125195980 CEST49761443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:21:24.125300884 CEST4434976166.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:21:24.125462055 CEST49761443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:21:24.126270056 CEST49761443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:21:24.126307011 CEST4434976166.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:21:25.184510946 CEST4434976166.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:21:25.184743881 CEST49761443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:21:25.186172009 CEST49761443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:21:25.186177969 CEST4434976166.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:21:25.186500072 CEST4434976166.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:21:25.187419891 CEST49761443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:21:25.187544107 CEST49761443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:21:25.187567949 CEST4434976166.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:21:25.479408026 CEST4434976166.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:21:25.479439974 CEST4434976166.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:21:25.479520082 CEST4434976166.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:21:25.479518890 CEST49761443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:21:25.479724884 CEST49761443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:21:25.480391026 CEST49761443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:21:25.480391026 CEST49761443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:21:25.480406046 CEST4434976166.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:21:25.480417013 CEST4434976166.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:21:36.163728952 CEST49762443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:21:36.163790941 CEST4434976266.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:21:36.165210962 CEST49762443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:21:36.165807009 CEST49762443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:21:36.165822029 CEST4434976266.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:21:36.718993902 CEST4434976266.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:21:36.719064951 CEST49762443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:21:36.721033096 CEST49762443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:21:36.721046925 CEST4434976266.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:21:36.721287966 CEST4434976266.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:21:36.757052898 CEST49762443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:21:36.757139921 CEST49762443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:21:36.757180929 CEST4434976266.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:21:37.700901985 CEST4434976266.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:21:37.700927973 CEST4434976266.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:21:37.700993061 CEST4434976266.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:21:37.701024055 CEST49762443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:21:37.703815937 CEST49762443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:21:37.703944921 CEST49762443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:21:37.703944921 CEST49762443192.168.2.466.135.20.63
                                                                                                                                        Sep 30, 2024 14:21:37.703958988 CEST4434976266.135.20.63192.168.2.4
                                                                                                                                        Sep 30, 2024 14:21:37.703962088 CEST4434976266.135.20.63192.168.2.4

                                                                                                                                        UDP Packets

                                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                                        Sep 30, 2024 14:18:09.953824043 CEST5307253192.168.2.41.1.1.1
                                                                                                                                        Sep 30, 2024 14:18:09.968831062 CEST53530721.1.1.1192.168.2.4
                                                                                                                                        Sep 30, 2024 14:18:13.539244890 CEST5812653192.168.2.41.1.1.1
                                                                                                                                        Sep 30, 2024 14:18:13.551028967 CEST53581261.1.1.1192.168.2.4

                                                                                                                                        DNS Queries

                                                                                                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                        Sep 30, 2024 14:18:09.953824043 CEST192.168.2.41.1.1.10x61a4Standard query (0)www.netspotapp.comA (IP address)IN (0x0001)false
                                                                                                                                        Sep 30, 2024 14:18:13.539244890 CEST192.168.2.41.1.1.10xad9eStandard query (0)updates.netspotapp.comA (IP address)IN (0x0001)false

                                                                                                                                        DNS Answers

                                                                                                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                        Sep 30, 2024 14:18:09.968831062 CEST1.1.1.1192.168.2.40x61a4No error (0)www.netspotapp.com66.135.20.63A (IP address)IN (0x0001)false
                                                                                                                                        Sep 30, 2024 14:18:13.551028967 CEST1.1.1.1192.168.2.40xad9eNo error (0)updates.netspotapp.com66.135.20.63A (IP address)IN (0x0001)false

                                                                                                                                        HTTP Request Dependency Graph

                                                                                                                                        • www.netspotapp.com
                                                                                                                                        • updates.netspotapp.com

                                                                                                                                        HTTPS Proxied Packets

                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        0192.168.2.44974066.135.20.63443928C:\Program Files\NetSpot\NetSpot.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        2024-09-30 12:18:10 UTC89OUTGET /pjf/JsonVersions.json HTTP/1.1
                                                                                                                                        Host: www.netspotapp.com
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        2024-09-30 12:18:10 UTC359INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx/1.20.2
                                                                                                                                        Date: Mon, 30 Sep 2024 12:18:10 GMT
                                                                                                                                        Content-Type: application/json
                                                                                                                                        Content-Length: 196
                                                                                                                                        Last-Modified: Thu, 26 Sep 2024 08:50:55 GMT
                                                                                                                                        Connection: close
                                                                                                                                        ETag: "66f5206f-c4"
                                                                                                                                        Expires: Thu, 31 Dec 2037 23:55:55 GMT
                                                                                                                                        Cache-Control: max-age=315360000
                                                                                                                                        Strict-Transport-Security: max-age=31536000;
                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                        2024-09-30 12:18:10 UTC196INData Raw: 5b 0d 0a 7b 0d 0a 20 20 22 4e 61 6d 65 22 20 3a 20 22 57 61 6c 6c 4d 61 74 65 72 69 61 6c 73 2e 6a 73 6f 6e 22 2c 0d 0a 20 20 22 4a 73 6f 6e 56 65 72 73 69 6f 6e 22 20 3a 20 36 2c 0d 0a 20 20 22 41 70 70 56 65 72 73 69 6f 6e 52 65 71 75 69 72 65 64 22 20 3a 20 22 33 2e 30 22 0d 0a 7d 2c 0d 0a 7b 0d 0a 20 20 22 4e 61 6d 65 22 20 3a 20 22 52 6f 75 74 65 72 4d 6f 64 65 6c 73 2e 6a 73 6f 6e 22 2c 0d 0a 20 20 22 4a 73 6f 6e 56 65 72 73 69 6f 6e 22 20 3a 20 31 31 32 2c 0d 0a 20 20 22 41 70 70 56 65 72 73 69 6f 6e 52 65 71 75 69 72 65 64 22 20 3a 20 22 33 2e 30 22 0d 0a 7d 0d 0a 5d 0d 0a
                                                                                                                                        Data Ascii: [{ "Name" : "WallMaterials.json", "JsonVersion" : 6, "AppVersionRequired" : "3.0"},{ "Name" : "RouterModels.json", "JsonVersion" : 112, "AppVersionRequired" : "3.0"}]


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        1192.168.2.44974566.135.20.63443928C:\Program Files\NetSpot\NetSpot.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        2024-09-30 12:18:14 UTC176OUTPOST /activator/ HTTP/1.1
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                        User-Agent: activator
                                                                                                                                        Content-Length: 128
                                                                                                                                        Host: updates.netspotapp.com
                                                                                                                                        2024-09-30 12:18:14 UTC128OUTData Raw: 68 69 64 3d 30 5f 63 33 32 32 34 34 63 31 5f 31 5f 62 36 66 30 35 37 30 38 5f 32 5f 63 36 35 66 61 32 65 37 5f 34 5f 37 64 39 33 38 36 38 62 5f 26 6c 69 63 65 6e 73 65 5f 6b 65 79 5f 63 6f 64 65 3d 42 43 36 43 33 2d 31 43 30 30 31 2d 45 41 35 33 39 2d 33 44 44 38 44 2d 39 46 34 43 32 26 70 72 6f 64 75 63 74 5f 69 64 3d 31 31 34 26 70 72 6f 64 75 63 74 5f 76 65 72 73 69 6f 6e 3d 33
                                                                                                                                        Data Ascii: hid=0_c32244c1_1_b6f05708_2_c65fa2e7_4_7d93868b_&license_key_code=BC6C3-1C001-EA539-3DD8D-9F4C2&product_id=114&product_version=3
                                                                                                                                        2024-09-30 12:18:15 UTC411INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx/1.20.2
                                                                                                                                        Date: Mon, 30 Sep 2024 12:18:15 GMT
                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: close
                                                                                                                                        X-Powered-By: PHP/7.3.33
                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                        Pragma: no-cache
                                                                                                                                        Set-Cookie: PHPSESSID=d5ecd5f9699e71d4c3990cd22310d012; path=/
                                                                                                                                        Strict-Transport-Security: max-age=31536000;
                                                                                                                                        2024-09-30 12:18:15 UTC5483INData Raw: 65 37 36 0d 0a 6d 76 43 49 35 51 79 78 32 51 6c 4d 43 33 2b 69 68 39 63 44 33 44 34 59 4a 34 76 6c 77 35 39 4d 4d 4d 33 46 65 56 31 47 55 59 58 57 4a 54 63 67 69 35 6d 48 43 45 63 6b 48 58 66 47 74 50 43 58 48 74 61 51 74 78 57 30 43 34 30 63 73 46 6b 6e 36 61 46 2b 4e 45 72 73 67 33 57 49 69 7a 4e 41 57 65 70 43 6f 56 59 47 73 75 7a 67 5a 39 6d 4a 37 36 52 41 6f 6d 30 52 71 35 54 68 58 44 73 66 4b 6b 6d 6c 6c 47 4f 49 65 2b 74 79 72 63 4f 7a 4e 58 54 4d 38 68 44 37 62 2f 52 39 7a 6d 38 77 52 6c 53 35 72 39 41 41 33 34 66 42 47 67 38 61 58 73 30 46 53 74 74 45 78 51 71 65 4b 31 4c 67 67 4e 34 46 76 50 34 69 34 6d 74 71 2f 39 72 44 72 51 47 48 4e 2b 58 50 51 2f 42 58 56 51 4c 38 69 64 73 34 75 6e 66 4c 54 72 63 34 65 34 30 58 6a 71 73 51 50 4a 41 30 70 48
                                                                                                                                        Data Ascii: e76mvCI5Qyx2QlMC3+ih9cD3D4YJ4vlw59MMM3FeV1GUYXWJTcgi5mHCEckHXfGtPCXHtaQtxW0C40csFkn6aF+NErsg3WIizNAWepCoVYGsuzgZ9mJ76RAom0Rq5ThXDsfKkmllGOIe+tyrcOzNXTM8hD7b/R9zm8wRlS5r9AA34fBGg8aXs0FSttExQqeK1LggN4FvP4i4mtq/9rDrQGHN+XPQ/BXVQL8ids4unfLTrc4e40XjqsQPJA0pH


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        2192.168.2.44974466.135.20.63443928C:\Program Files\NetSpot\NetSpot.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        2024-09-30 12:18:14 UTC89OUTGET /pjf/RouterModels.json HTTP/1.1
                                                                                                                                        Host: www.netspotapp.com
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        2024-09-30 12:18:14 UTC365INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx/1.20.2
                                                                                                                                        Date: Mon, 30 Sep 2024 12:18:14 GMT
                                                                                                                                        Content-Type: application/json
                                                                                                                                        Content-Length: 354153
                                                                                                                                        Last-Modified: Thu, 26 Sep 2024 08:50:55 GMT
                                                                                                                                        Connection: close
                                                                                                                                        ETag: "66f5206f-56769"
                                                                                                                                        Expires: Thu, 31 Dec 2037 23:55:55 GMT
                                                                                                                                        Cache-Control: max-age=315360000
                                                                                                                                        Strict-Transport-Security: max-age=31536000;
                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                        2024-09-30 12:18:14 UTC16019INData Raw: 5b 2a 00 00 02 6a 53 4f 4e 76 45 52 53 49 4f 4e 02 1a 00 11 11 12 0c 2a 00 00 02 76 45 4e 44 4f 52 02 1a 00 7b 2a 00 00 00 00 5b 2a 00 00 00 00 00 00 02 6e 41 4d 45 02 1a 00 02 64 45 46 41 55 4c 54 00 56 45 4e 44 4f 52 02 0c 2a 00 00 00 00 00 00 02 62 73 73 69 64 02 1a 00 02 10 10 1a 10 10 1a 10 10 02 0c 2a 00 00 00 00 00 00 02 6d 4f 44 45 4c 02 1a 00 7b 2a 00 00 00 00 00 00 00 00 5b 2a 00 00 00 00 00 00 00 00 00 00 02 69 44 02 1a 00 11 0c 2a 00 00 00 00 00 00 00 00 00 00 02 6e 41 4d 45 02 1a 00 02 64 45 46 41 55 4c 54 00 52 4f 55 54 45 52 02 0c 2a 00 00 00 00 00 00 00 00 00 00 02 70 4f 57 45 52 02 1a 00 12 10 0c 2a 00 00 00 00 00 00 00 00 00 00 02 62 41 4e 44 02 1a 00 5b 2a 00 00 00 00 00 00 00 00 00 00 00 00 02 10 02 1a 00 5b 2a 00 00 00 00 00 00 00 00
                                                                                                                                        Data Ascii: [*jSONvERSION*vENDOR{*[*nAMEdEFAULTVENDOR*bssid*mODEL{*[*iD*nAMEdEFAULTROUTER*pOWER*bAND[*[*
                                                                                                                                        2024-09-30 12:18:14 UTC16384INData Raw: 00 7b 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 42 02 0c 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 47 02 0c 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 4e 02 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7d 0c 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 63 48 41 4e 4e 45 4c 02 1a 00 7b 7d 2a 00 00 00 00 00 00 00 00 00 00 00 00 5d 2a 00 00 00 00 00 00 00 00 00 00 5d 0c 2a 00 00 00 00 00 00 00 00 00 00 02 73 45 43 55 52 49 54 59 02 1a 00 7b 2a 00 00 00 00 00 00 00 00 00 00 00 00 02 77 65 70 02 0c 2a 00 00 00 00 00 00 00 00 00 00 00 00 02 77 70 61 00 65 4e 54 45 52 50 52 49 53 45 02 0c 2a 00 00 00 00 00 00 00 00 00 00 00 00 02 77 70 61 00 70 45 52 53 4f 4e 41 4c 02 0c 2a 00 00 00 00 00 00 00 00 00 00 00 00 02 77 70 61 12
                                                                                                                                        Data Ascii: {*B*G*N*}*cHANNEL{}*]*]*sECURITY{*wep*wpaeNTERPRISE*wpapERSONAL*wpa
                                                                                                                                        2024-09-30 12:18:14 UTC16384INData Raw: 00 00 00 00 00 00 00 00 00 02 63 48 41 4e 4e 45 4c 02 1a 00 7b 7d 2a 00 00 00 00 00 00 00 00 00 00 00 00 5d 0c 2a 00 00 00 00 00 00 00 00 00 00 00 00 02 11 02 1a 00 5b 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 6d 4f 44 45 02 1a 00 7b 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 41 02 0c 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 4e 02 0c 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 41 43 02 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7d 0c 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 63 48 41 4e 4e 45 4c 02 1a 00 7b 7d 2a 00 00 00 00 00 00 00 00 00 00 00 00 5d 2a 00 00 00 00 00 00 00 00 00 00 5d 0c 2a 00 00 00 00 00 00 00 00 00 00 02 73 45 43 55 52 49 54 59 02 1a 00 7b 2a 00 00 00 00 00 00 00 00 00 00 00 00 02 77 70
                                                                                                                                        Data Ascii: cHANNEL{}*]*[*mODE{*A*N*AC*}*cHANNEL{}*]*]*sECURITY{*wp
                                                                                                                                        2024-09-30 12:18:14 UTC16384INData Raw: 00 00 00 00 00 00 00 00 02 41 43 02 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7d 0c 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 63 48 41 4e 4e 45 4c 02 1a 00 7b 7d 2a 00 00 00 00 00 00 00 00 00 00 00 00 5d 2a 00 00 00 00 00 00 00 00 00 00 5d 0c 2a 00 00 00 00 00 00 00 00 00 00 02 73 45 43 55 52 49 54 59 02 1a 00 7b 2a 00 00 00 00 00 00 00 00 00 00 00 00 02 77 70 61 00 70 45 52 53 4f 4e 41 4c 02 0c 2a 00 00 00 00 00 00 00 00 00 00 00 00 02 77 70 61 12 00 70 45 52 53 4f 4e 41 4c 02 2a 00 00 00 00 00 00 00 00 00 00 7d 2a 00 00 00 00 00 00 00 00 5d 0c 2a 00 00 00 00 00 00 00 00 5b 2a 00 00 00 00 00 00 00 00 00 00 02 69 44 02 1a 00 12 11 13 0c 2a 00 00 00 00 00 00 00 00 00 00 02 6e 41 4d 45 02 1a 00 02 43 4e 70 49 4c 4f 54 00 45 15 11 10 02 0c 2a 00 00
                                                                                                                                        Data Ascii: AC*}*cHANNEL{}*]*]*sECURITY{*wpapERSONAL*wpapERSONAL*}*]*[*iD*nAMECNpILOTE*
                                                                                                                                        2024-09-30 12:18:14 UTC16384INData Raw: 0c 2a 00 00 00 00 00 00 00 00 00 00 02 73 45 43 55 52 49 54 59 02 1a 00 7b 2a 00 00 00 00 00 00 00 00 00 00 00 00 02 77 70 61 00 70 45 52 53 4f 4e 41 4c 02 0c 2a 00 00 00 00 00 00 00 00 00 00 00 00 02 77 70 61 00 65 4e 54 45 52 50 52 49 53 45 02 0c 2a 00 00 00 00 00 00 00 00 00 00 00 00 02 77 70 61 12 00 70 45 52 53 4f 4e 41 4c 02 0c 2a 00 00 00 00 00 00 00 00 00 00 00 00 02 77 70 61 12 00 65 4e 54 45 52 50 52 49 53 45 02 0c 2a 00 00 00 00 00 00 00 00 00 00 00 00 02 77 70 61 13 00 70 45 52 53 4f 4e 41 4c 02 0c 2a 00 00 00 00 00 00 00 00 00 00 00 00 02 77 70 61 13 00 65 4e 54 45 52 50 52 49 53 45 02 2a 00 00 00 00 00 00 00 00 00 00 7d 2a 00 00 00 00 00 00 00 00 5d 0c 2a 00 00 00 00 00 00 00 00 5b 2a 00 00 00 00 00 00 00 00 00 00 02 69 44 02 1a 00 12 19 13
                                                                                                                                        Data Ascii: *sECURITY{*wpapERSONAL*wpaeNTERPRISE*wpapERSONAL*wpaeNTERPRISE*wpapERSONAL*wpaeNTERPRISE*}*]*[*iD
                                                                                                                                        2024-09-30 12:18:14 UTC16384INData Raw: 41 4e 4e 45 4c 02 1a 00 7b 7d 2a 00 00 00 00 00 00 00 00 00 00 00 00 5d 0c 2a 00 00 00 00 00 00 00 00 00 00 00 00 02 11 02 1a 00 5b 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 6d 4f 44 45 02 1a 00 7b 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 41 02 0c 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 4e 02 0c 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 41 43 02 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7d 0c 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 63 48 41 4e 4e 45 4c 02 1a 00 7b 7d 2a 00 00 00 00 00 00 00 00 00 00 00 00 5d 2a 00 00 00 00 00 00 00 00 00 00 5d 0c 2a 00 00 00 00 00 00 00 00 00 00 02 73 45 43 55 52 49 54 59 02 1a 00 7b 2a 00 00 00 00 00 00 00 00 00 00 00 00 02 77 65 70 02 0c 2a 00 00 00 00 00 00 00 00
                                                                                                                                        Data Ascii: ANNEL{}*]*[*mODE{*A*N*AC*}*cHANNEL{}*]*]*sECURITY{*wep*
                                                                                                                                        2024-09-30 12:18:14 UTC16384INData Raw: 00 00 00 00 00 00 00 00 00 00 00 02 77 70 61 12 00 70 45 52 53 4f 4e 41 4c 02 0c 2a 00 00 00 00 00 00 00 00 00 00 00 00 02 77 70 61 13 00 65 4e 54 45 52 50 52 49 53 45 02 0c 2a 00 00 00 00 00 00 00 00 00 00 00 00 02 77 70 61 13 00 70 45 52 53 4f 4e 41 4c 02 2a 00 00 00 00 00 00 00 00 00 00 7d 2a 00 00 00 00 00 00 00 00 5d 0c 2a 00 00 00 00 00 00 00 00 5b 2a 00 00 00 00 00 00 00 00 00 00 02 69 44 02 1a 00 14 10 19 0c 2a 00 00 00 00 00 00 00 00 00 00 02 6e 41 4d 45 02 1a 00 02 61 70 14 11 10 63 02 0c 2a 00 00 00 00 00 00 00 00 00 00 02 70 4f 57 45 52 02 1a 00 11 18 0c 2a 00 00 00 00 00 00 00 00 00 00 02 62 41 4e 44 02 1a 00 5b 2a 00 00 00 00 00 00 00 00 00 00 00 00 02 10 02 1a 00 5b 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 6d 4f 44 45 02 1a 00 7b 2a
                                                                                                                                        Data Ascii: wpapERSONAL*wpaeNTERPRISE*wpapERSONAL*}*]*[*iD*nAMEapc*pOWER*bAND[*[*mODE{*
                                                                                                                                        2024-09-30 12:18:14 UTC16384INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 7d 2a 00 00 00 00 00 00 00 00 00 00 00 00 5d 2a 00 00 00 00 00 00 00 00 00 00 5d 0c 2a 00 00 00 00 00 00 00 00 00 00 02 73 45 43 55 52 49 54 59 02 1a 00 7b 2a 00 00 00 00 00 00 00 00 00 00 00 00 02 77 65 70 02 0c 2a 00 00 00 00 00 00 00 00 00 00 00 00 02 77 70 61 00 65 4e 54 45 52 50 52 49 53 45 02 0c 2a 00 00 00 00 00 00 00 00 00 00 00 00 02 77 70 61 00 70 45 52 53 4f 4e 41 4c 02 0c 2a 00 00 00 00 00 00 00 00 00 00 00 00 02 77 70 61 12 00 65 4e 54 45 52 50 52 49 53 45 02 0c 2a 00 00 00 00 00 00 00 00 00 00 00 00 02 77 70 61 12 00 70 45 52 53 4f 4e 41 4c 02 2a 00 00 00 00 00 00 00 00 00 00 7d 2a 00 00 00 00 00 00 00 00 5d 2a 00 00 00 00 00 00 7d 2a 00 00 00 00 5d 0c 2a 00 00 00 00 5b 2a 00 00 00 00 00 00 02 6e 41 4d
                                                                                                                                        Data Ascii: }*]*]*sECURITY{*wep*wpaeNTERPRISE*wpapERSONAL*wpaeNTERPRISE*wpapERSONAL*}*]*}*]*[*nAM
                                                                                                                                        2024-09-30 12:18:14 UTC16384INData Raw: 00 00 00 00 00 00 02 77 70 61 00 70 45 52 53 4f 4e 41 4c 02 0c 2a 00 00 00 00 00 00 00 00 00 00 00 00 02 77 70 61 12 00 65 4e 54 45 52 50 52 49 53 45 02 0c 2a 00 00 00 00 00 00 00 00 00 00 00 00 02 77 70 61 12 00 70 45 52 53 4f 4e 41 4c 02 0c 2a 00 00 00 00 00 00 00 00 00 00 00 00 02 77 70 61 13 00 70 45 52 53 4f 4e 41 4c 02 2a 00 00 00 00 00 00 00 00 00 00 7d 2a 00 00 00 00 00 00 00 00 5d 2a 00 00 00 00 00 00 7d 2a 00 00 00 00 5d 0c 2a 00 00 00 00 5b 2a 00 00 00 00 00 00 02 6e 41 4d 45 02 1a 00 02 68 70 65 02 0c 2a 00 00 00 00 00 00 02 62 73 73 69 64 02 1a 00 02 14 63 1a 64 15 1a 18 17 02 0c 2a 00 00 00 00 00 00 02 6d 4f 44 45 4c 02 1a 00 7b 2a 00 00 00 00 00 00 00 00 5b 2a 00 00 00 00 00 00 00 00 00 00 02 69 44 02 1a 00 14 12 12 0c 2a 00 00 00 00 00 00
                                                                                                                                        Data Ascii: wpapERSONAL*wpaeNTERPRISE*wpapERSONAL*wpapERSONAL*}*]*}*]*[*nAMEhpe*bssidcd*mODEL{*[*iD*
                                                                                                                                        2024-09-30 12:18:14 UTC16384INData Raw: 00 00 00 00 00 00 00 00 00 5d 0c 2a 00 00 00 00 00 00 00 00 00 00 00 00 02 11 02 1a 00 5b 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 6d 4f 44 45 02 1a 00 7b 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 41 02 0c 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 4e 02 0c 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 41 43 02 0c 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 41 58 02 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7d 0c 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 63 48 41 4e 4e 45 4c 02 1a 00 7b 7d 2a 00 00 00 00 00 00 00 00 00 00 00 00 5d 2a 00 00 00 00 00 00 00 00 00 00 5d 0c 2a 00 00 00 00 00 00 00 00 00 00 02 73 45 43 55 52 49 54 59 02 1a 00 7b 2a 00 00 00 00 00 00 00 00 00 00 00 00 02 77 70 61 00 65 4e
                                                                                                                                        Data Ascii: ]*[*mODE{*A*N*AC*AX*}*cHANNEL{}*]*]*sECURITY{*wpaeN


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        3192.168.2.44974366.135.20.63443928C:\Program Files\NetSpot\NetSpot.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        2024-09-30 12:18:14 UTC90OUTGET /pjf/WallMaterials.json HTTP/1.1
                                                                                                                                        Host: www.netspotapp.com
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        2024-09-30 12:18:14 UTC361INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx/1.20.2
                                                                                                                                        Date: Mon, 30 Sep 2024 12:18:14 GMT
                                                                                                                                        Content-Type: application/json
                                                                                                                                        Content-Length: 3048
                                                                                                                                        Last-Modified: Fri, 14 Jun 2024 15:36:17 GMT
                                                                                                                                        Connection: close
                                                                                                                                        ETag: "666c6371-be8"
                                                                                                                                        Expires: Thu, 31 Dec 2037 23:55:55 GMT
                                                                                                                                        Cache-Control: max-age=315360000
                                                                                                                                        Strict-Transport-Security: max-age=31536000;
                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                        2024-09-30 12:18:14 UTC3048INData Raw: 5b 2d 2a 00 00 02 6a 53 4f 4e 76 45 52 53 49 4f 4e 02 1a 00 17 0c 2d 2a 00 00 02 6d 41 54 45 52 49 41 4c 02 1a 00 7b 2d 2a 00 00 00 00 5b 2d 2a 00 00 00 00 00 00 02 69 44 02 1a 00 13 0c 2d 2a 00 00 00 00 00 00 02 74 59 50 45 02 1a 00 7b 00 11 00 7d 0c 2d 2a 00 00 00 00 00 00 02 6e 41 4d 45 02 1a 00 02 62 52 49 43 4b 02 0c 2d 2a 00 00 00 00 00 00 02 61 42 53 4f 52 50 54 49 4f 4e 02 1a 00 12 0e 10 0c 2d 2a 00 00 00 00 00 00 02 72 45 46 4c 45 43 54 49 4f 4e 02 1a 00 10 0e 12 2d 2a 00 00 00 00 5d 0c 2d 2a 00 00 00 00 5b 2d 2a 00 00 00 00 00 00 02 69 44 02 1a 00 11 12 0c 2d 2a 00 00 00 00 00 00 02 74 59 50 45 02 1a 00 7b 00 11 00 7d 0c 2d 2a 00 00 00 00 00 00 02 6e 41 4d 45 02 1a 00 02 63 4f 4e 43 52 45 54 45 02 0c 2d 2a 00 00 00 00 00 00 02 61 42 53 4f 52 50
                                                                                                                                        Data Ascii: [-*jSONvERSION-*mATERIAL{-*[-*iD-*tYPE{}-*nAMEbRICK-*aBSORPTION-*rEFLECTION-*]-*[-*iD-*tYPE{}-*nAMEcONCRETE-*aBSORP


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        4192.168.2.44975066.135.20.63443928C:\Program Files\NetSpot\NetSpot.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        2024-09-30 12:19:38 UTC176OUTPOST /activator/ HTTP/1.1
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                        User-Agent: activator
                                                                                                                                        Content-Length: 128
                                                                                                                                        Host: updates.netspotapp.com
                                                                                                                                        2024-09-30 12:19:38 UTC128OUTData Raw: 68 69 64 3d 30 5f 63 33 32 32 34 34 63 31 5f 31 5f 62 36 66 30 35 37 30 38 5f 32 5f 63 36 35 66 61 32 65 37 5f 34 5f 37 64 39 33 38 36 38 62 5f 26 6c 69 63 65 6e 73 65 5f 6b 65 79 5f 63 6f 64 65 3d 42 43 36 43 33 2d 31 43 30 30 31 2d 45 41 35 33 39 2d 33 44 44 38 44 2d 39 46 34 43 32 26 70 72 6f 64 75 63 74 5f 69 64 3d 31 31 34 26 70 72 6f 64 75 63 74 5f 76 65 72 73 69 6f 6e 3d 33
                                                                                                                                        Data Ascii: hid=0_c32244c1_1_b6f05708_2_c65fa2e7_4_7d93868b_&license_key_code=BC6C3-1C001-EA539-3DD8D-9F4C2&product_id=114&product_version=3
                                                                                                                                        2024-09-30 12:19:39 UTC411INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx/1.20.2
                                                                                                                                        Date: Mon, 30 Sep 2024 12:19:39 GMT
                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: close
                                                                                                                                        X-Powered-By: PHP/7.3.33
                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                        Pragma: no-cache
                                                                                                                                        Set-Cookie: PHPSESSID=5aefd1a0abd7950accb05ed46e27162e; path=/
                                                                                                                                        Strict-Transport-Security: max-age=31536000;
                                                                                                                                        2024-09-30 12:19:39 UTC5483INData Raw: 65 37 36 0d 0a 6d 76 43 49 35 51 79 78 32 51 6c 4d 43 33 2b 69 68 39 63 44 33 44 34 59 4a 34 76 6c 77 35 39 4d 4d 4d 33 46 65 56 31 47 55 59 58 57 4a 54 63 67 69 35 6d 48 43 45 63 6b 48 58 66 47 74 50 43 58 48 74 61 51 74 78 57 30 43 34 30 63 73 46 6b 6e 36 61 46 2b 4e 45 72 73 67 33 57 49 69 7a 4e 41 57 65 70 43 6f 56 59 47 73 75 7a 67 5a 39 6d 4a 37 36 52 41 6f 6d 30 52 71 35 54 68 58 44 73 66 4b 6b 6d 6c 6c 47 4f 49 65 2b 74 79 72 63 4f 7a 4e 58 54 4d 38 68 44 37 62 2f 52 39 7a 6d 38 77 52 6c 53 35 72 39 41 41 33 34 66 42 47 67 38 61 58 73 30 46 53 74 74 45 78 51 71 65 4b 31 4c 67 67 4e 34 46 76 50 34 69 34 6d 74 71 2f 39 72 44 72 51 47 48 4e 2b 58 50 51 2f 42 58 56 51 4c 38 69 64 73 34 75 6e 66 4c 54 72 63 34 65 34 30 58 6a 71 73 51 50 4a 41 30 70 48
                                                                                                                                        Data Ascii: e76mvCI5Qyx2QlMC3+ih9cD3D4YJ4vlw59MMM3FeV1GUYXWJTcgi5mHCEckHXfGtPCXHtaQtxW0C40csFkn6aF+NErsg3WIizNAWepCoVYGsuzgZ9mJ76RAom0Rq5ThXDsfKkmllGOIe+tyrcOzNXTM8hD7b/R9zm8wRlS5r9AA34fBGg8aXs0FSttExQqeK1LggN4FvP4i4mtq/9rDrQGHN+XPQ/BXVQL8ids4unfLTrc4e40XjqsQPJA0pH


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        5192.168.2.44975166.135.20.63443928C:\Program Files\NetSpot\NetSpot.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        2024-09-30 12:19:40 UTC176OUTPOST /activator/ HTTP/1.1
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                        User-Agent: activator
                                                                                                                                        Content-Length: 128
                                                                                                                                        Host: updates.netspotapp.com
                                                                                                                                        2024-09-30 12:19:40 UTC128OUTData Raw: 68 69 64 3d 30 5f 63 33 32 32 34 34 63 31 5f 31 5f 62 36 66 30 35 37 30 38 5f 32 5f 63 36 35 66 61 32 65 37 5f 34 5f 37 64 39 33 38 36 38 62 5f 26 6c 69 63 65 6e 73 65 5f 6b 65 79 5f 63 6f 64 65 3d 42 43 36 43 33 2d 31 43 30 30 31 2d 45 41 35 33 39 2d 33 44 44 38 44 2d 39 46 34 43 32 26 70 72 6f 64 75 63 74 5f 69 64 3d 31 31 34 26 70 72 6f 64 75 63 74 5f 76 65 72 73 69 6f 6e 3d 33
                                                                                                                                        Data Ascii: hid=0_c32244c1_1_b6f05708_2_c65fa2e7_4_7d93868b_&license_key_code=BC6C3-1C001-EA539-3DD8D-9F4C2&product_id=114&product_version=3
                                                                                                                                        2024-09-30 12:19:40 UTC411INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx/1.20.2
                                                                                                                                        Date: Mon, 30 Sep 2024 12:19:40 GMT
                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: close
                                                                                                                                        X-Powered-By: PHP/7.3.33
                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                        Pragma: no-cache
                                                                                                                                        Set-Cookie: PHPSESSID=6a5e97fc16c82d233279b700885bf771; path=/
                                                                                                                                        Strict-Transport-Security: max-age=31536000;
                                                                                                                                        2024-09-30 12:19:40 UTC5483INData Raw: 65 37 36 0d 0a 6d 76 43 49 35 51 79 78 32 51 6c 4d 43 33 2b 69 68 39 63 44 33 44 34 59 4a 34 76 6c 77 35 39 4d 4d 4d 33 46 65 56 31 47 55 59 58 57 4a 54 63 67 69 35 6d 48 43 45 63 6b 48 58 66 47 74 50 43 58 48 74 61 51 74 78 57 30 43 34 30 63 73 46 6b 6e 36 61 46 2b 4e 45 72 73 67 33 57 49 69 7a 4e 41 57 65 70 43 6f 56 59 47 73 75 7a 67 5a 39 6d 4a 37 36 52 41 6f 6d 30 52 71 35 54 68 58 44 73 66 4b 6b 6d 6c 6c 47 4f 49 65 2b 74 79 72 63 4f 7a 4e 58 54 4d 38 68 44 37 62 2f 52 39 7a 6d 38 77 52 6c 53 35 72 39 41 41 33 34 66 42 47 67 38 61 58 73 30 46 53 74 74 45 78 51 71 65 4b 31 4c 67 67 4e 34 46 76 50 34 69 34 6d 74 71 2f 39 72 44 72 51 47 48 4e 2b 58 50 51 2f 42 58 56 51 4c 38 69 64 73 34 75 6e 66 4c 54 72 63 34 65 34 30 58 6a 71 73 51 50 4a 41 30 70 48
                                                                                                                                        Data Ascii: e76mvCI5Qyx2QlMC3+ih9cD3D4YJ4vlw59MMM3FeV1GUYXWJTcgi5mHCEckHXfGtPCXHtaQtxW0C40csFkn6aF+NErsg3WIizNAWepCoVYGsuzgZ9mJ76RAom0Rq5ThXDsfKkmllGOIe+tyrcOzNXTM8hD7b/R9zm8wRlS5r9AA34fBGg8aXs0FSttExQqeK1LggN4FvP4i4mtq/9rDrQGHN+XPQ/BXVQL8ids4unfLTrc4e40XjqsQPJA0pH


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        6192.168.2.44975266.135.20.63443928C:\Program Files\NetSpot\NetSpot.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        2024-09-30 12:19:43 UTC176OUTPOST /activator/ HTTP/1.1
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                        User-Agent: activator
                                                                                                                                        Content-Length: 128
                                                                                                                                        Host: updates.netspotapp.com
                                                                                                                                        2024-09-30 12:19:43 UTC128OUTData Raw: 68 69 64 3d 30 5f 63 33 32 32 34 34 63 31 5f 31 5f 62 36 66 30 35 37 30 38 5f 32 5f 63 36 35 66 61 32 65 37 5f 34 5f 37 64 39 33 38 36 38 62 5f 26 6c 69 63 65 6e 73 65 5f 6b 65 79 5f 63 6f 64 65 3d 42 43 36 43 33 2d 31 43 30 30 31 2d 45 41 35 33 39 2d 33 44 44 38 44 2d 39 46 34 43 32 26 70 72 6f 64 75 63 74 5f 69 64 3d 31 31 34 26 70 72 6f 64 75 63 74 5f 76 65 72 73 69 6f 6e 3d 33
                                                                                                                                        Data Ascii: hid=0_c32244c1_1_b6f05708_2_c65fa2e7_4_7d93868b_&license_key_code=BC6C3-1C001-EA539-3DD8D-9F4C2&product_id=114&product_version=3
                                                                                                                                        2024-09-30 12:19:44 UTC411INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx/1.20.2
                                                                                                                                        Date: Mon, 30 Sep 2024 12:19:43 GMT
                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: close
                                                                                                                                        X-Powered-By: PHP/7.3.33
                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                        Pragma: no-cache
                                                                                                                                        Set-Cookie: PHPSESSID=94b4846d851ff1f0c5a1f85564b54203; path=/
                                                                                                                                        Strict-Transport-Security: max-age=31536000;
                                                                                                                                        2024-09-30 12:19:44 UTC5483INData Raw: 65 37 36 0d 0a 6d 76 43 49 35 51 79 78 32 51 6c 4d 43 33 2b 69 68 39 63 44 33 44 34 59 4a 34 76 6c 77 35 39 4d 4d 4d 33 46 65 56 31 47 55 59 58 57 4a 54 63 67 69 35 6d 48 43 45 63 6b 48 58 66 47 74 50 43 58 48 74 61 51 74 78 57 30 43 34 30 63 73 46 6b 6e 36 61 46 2b 4e 45 72 73 67 33 57 49 69 7a 4e 41 57 65 70 43 6f 56 59 47 73 75 7a 67 5a 39 6d 4a 37 36 52 41 6f 6d 30 52 71 35 54 68 58 44 73 66 4b 6b 6d 6c 6c 47 4f 49 65 2b 74 79 72 63 4f 7a 4e 58 54 4d 38 68 44 37 62 2f 52 39 7a 6d 38 77 52 6c 53 35 72 39 41 41 33 34 66 42 47 67 38 61 58 73 30 46 53 74 74 45 78 51 71 65 4b 31 4c 67 67 4e 34 46 76 50 34 69 34 6d 74 71 2f 39 72 44 72 51 47 48 4e 2b 58 50 51 2f 42 58 56 51 4c 38 69 64 73 34 75 6e 66 4c 54 72 63 34 65 34 30 58 6a 71 73 51 50 4a 41 30 70 48
                                                                                                                                        Data Ascii: e76mvCI5Qyx2QlMC3+ih9cD3D4YJ4vlw59MMM3FeV1GUYXWJTcgi5mHCEckHXfGtPCXHtaQtxW0C40csFkn6aF+NErsg3WIizNAWepCoVYGsuzgZ9mJ76RAom0Rq5ThXDsfKkmllGOIe+tyrcOzNXTM8hD7b/R9zm8wRlS5r9AA34fBGg8aXs0FSttExQqeK1LggN4FvP4i4mtq/9rDrQGHN+XPQ/BXVQL8ids4unfLTrc4e40XjqsQPJA0pH


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        7192.168.2.44975366.135.20.63443928C:\Program Files\NetSpot\NetSpot.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        2024-09-30 12:19:49 UTC176OUTPOST /activator/ HTTP/1.1
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                        User-Agent: activator
                                                                                                                                        Content-Length: 128
                                                                                                                                        Host: updates.netspotapp.com
                                                                                                                                        2024-09-30 12:19:49 UTC128OUTData Raw: 68 69 64 3d 30 5f 63 33 32 32 34 34 63 31 5f 31 5f 62 36 66 30 35 37 30 38 5f 32 5f 63 36 35 66 61 32 65 37 5f 34 5f 37 64 39 33 38 36 38 62 5f 26 6c 69 63 65 6e 73 65 5f 6b 65 79 5f 63 6f 64 65 3d 42 43 36 43 33 2d 31 43 30 30 31 2d 45 41 35 33 39 2d 33 44 44 38 44 2d 39 46 34 43 32 26 70 72 6f 64 75 63 74 5f 69 64 3d 31 31 34 26 70 72 6f 64 75 63 74 5f 76 65 72 73 69 6f 6e 3d 33
                                                                                                                                        Data Ascii: hid=0_c32244c1_1_b6f05708_2_c65fa2e7_4_7d93868b_&license_key_code=BC6C3-1C001-EA539-3DD8D-9F4C2&product_id=114&product_version=3
                                                                                                                                        2024-09-30 12:19:50 UTC411INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx/1.20.2
                                                                                                                                        Date: Mon, 30 Sep 2024 12:19:50 GMT
                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: close
                                                                                                                                        X-Powered-By: PHP/7.3.33
                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                        Pragma: no-cache
                                                                                                                                        Set-Cookie: PHPSESSID=00cb4997d7fee863455ad965573e0546; path=/
                                                                                                                                        Strict-Transport-Security: max-age=31536000;
                                                                                                                                        2024-09-30 12:19:50 UTC5483INData Raw: 65 37 36 0d 0a 6d 76 43 49 35 51 79 78 32 51 6c 4d 43 33 2b 69 68 39 63 44 33 44 34 59 4a 34 76 6c 77 35 39 4d 4d 4d 33 46 65 56 31 47 55 59 58 57 4a 54 63 67 69 35 6d 48 43 45 63 6b 48 58 66 47 74 50 43 58 48 74 61 51 74 78 57 30 43 34 30 63 73 46 6b 6e 36 61 46 2b 4e 45 72 73 67 33 57 49 69 7a 4e 41 57 65 70 43 6f 56 59 47 73 75 7a 67 5a 39 6d 4a 37 36 52 41 6f 6d 30 52 71 35 54 68 58 44 73 66 4b 6b 6d 6c 6c 47 4f 49 65 2b 74 79 72 63 4f 7a 4e 58 54 4d 38 68 44 37 62 2f 52 39 7a 6d 38 77 52 6c 53 35 72 39 41 41 33 34 66 42 47 67 38 61 58 73 30 46 53 74 74 45 78 51 71 65 4b 31 4c 67 67 4e 34 46 76 50 34 69 34 6d 74 71 2f 39 72 44 72 51 47 48 4e 2b 58 50 51 2f 42 58 56 51 4c 38 69 64 73 34 75 6e 66 4c 54 72 63 34 65 34 30 58 6a 71 73 51 50 4a 41 30 70 48
                                                                                                                                        Data Ascii: e76mvCI5Qyx2QlMC3+ih9cD3D4YJ4vlw59MMM3FeV1GUYXWJTcgi5mHCEckHXfGtPCXHtaQtxW0C40csFkn6aF+NErsg3WIizNAWepCoVYGsuzgZ9mJ76RAom0Rq5ThXDsfKkmllGOIe+tyrcOzNXTM8hD7b/R9zm8wRlS5r9AA34fBGg8aXs0FSttExQqeK1LggN4FvP4i4mtq/9rDrQGHN+XPQ/BXVQL8ids4unfLTrc4e40XjqsQPJA0pH


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        8192.168.2.44975466.135.20.63443928C:\Program Files\NetSpot\NetSpot.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        2024-09-30 12:19:57 UTC176OUTPOST /activator/ HTTP/1.1
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                        User-Agent: activator
                                                                                                                                        Content-Length: 128
                                                                                                                                        Host: updates.netspotapp.com
                                                                                                                                        2024-09-30 12:19:57 UTC128OUTData Raw: 68 69 64 3d 30 5f 63 33 32 32 34 34 63 31 5f 31 5f 62 36 66 30 35 37 30 38 5f 32 5f 63 36 35 66 61 32 65 37 5f 34 5f 37 64 39 33 38 36 38 62 5f 26 6c 69 63 65 6e 73 65 5f 6b 65 79 5f 63 6f 64 65 3d 42 43 36 43 33 2d 31 43 30 30 31 2d 45 41 35 33 39 2d 33 44 44 38 44 2d 39 46 34 43 32 26 70 72 6f 64 75 63 74 5f 69 64 3d 31 31 34 26 70 72 6f 64 75 63 74 5f 76 65 72 73 69 6f 6e 3d 33
                                                                                                                                        Data Ascii: hid=0_c32244c1_1_b6f05708_2_c65fa2e7_4_7d93868b_&license_key_code=BC6C3-1C001-EA539-3DD8D-9F4C2&product_id=114&product_version=3
                                                                                                                                        2024-09-30 12:19:58 UTC411INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx/1.20.2
                                                                                                                                        Date: Mon, 30 Sep 2024 12:19:58 GMT
                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: close
                                                                                                                                        X-Powered-By: PHP/7.3.33
                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                        Pragma: no-cache
                                                                                                                                        Set-Cookie: PHPSESSID=fddee83e4faaa577de579c1eab9e1884; path=/
                                                                                                                                        Strict-Transport-Security: max-age=31536000;
                                                                                                                                        2024-09-30 12:19:58 UTC5483INData Raw: 65 37 36 0d 0a 6d 76 43 49 35 51 79 78 32 51 6c 4d 43 33 2b 69 68 39 63 44 33 44 34 59 4a 34 76 6c 77 35 39 4d 4d 4d 33 46 65 56 31 47 55 59 58 57 4a 54 63 67 69 35 6d 48 43 45 63 6b 48 58 66 47 74 50 43 58 48 74 61 51 74 78 57 30 43 34 30 63 73 46 6b 6e 36 61 46 2b 4e 45 72 73 67 33 57 49 69 7a 4e 41 57 65 70 43 6f 56 59 47 73 75 7a 67 5a 39 6d 4a 37 36 52 41 6f 6d 30 52 71 35 54 68 58 44 73 66 4b 6b 6d 6c 6c 47 4f 49 65 2b 74 79 72 63 4f 7a 4e 58 54 4d 38 68 44 37 62 2f 52 39 7a 6d 38 77 52 6c 53 35 72 39 41 41 33 34 66 42 47 67 38 61 58 73 30 46 53 74 74 45 78 51 71 65 4b 31 4c 67 67 4e 34 46 76 50 34 69 34 6d 74 71 2f 39 72 44 72 51 47 48 4e 2b 58 50 51 2f 42 58 56 51 4c 38 69 64 73 34 75 6e 66 4c 54 72 63 34 65 34 30 58 6a 71 73 51 50 4a 41 30 70 48
                                                                                                                                        Data Ascii: e76mvCI5Qyx2QlMC3+ih9cD3D4YJ4vlw59MMM3FeV1GUYXWJTcgi5mHCEckHXfGtPCXHtaQtxW0C40csFkn6aF+NErsg3WIizNAWepCoVYGsuzgZ9mJ76RAom0Rq5ThXDsfKkmllGOIe+tyrcOzNXTM8hD7b/R9zm8wRlS5r9AA34fBGg8aXs0FSttExQqeK1LggN4FvP4i4mtq/9rDrQGHN+XPQ/BXVQL8ids4unfLTrc4e40XjqsQPJA0pH


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        9192.168.2.44975566.135.20.63443928C:\Program Files\NetSpot\NetSpot.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        2024-09-30 12:20:01 UTC176OUTPOST /activator/ HTTP/1.1
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                        User-Agent: activator
                                                                                                                                        Content-Length: 128
                                                                                                                                        Host: updates.netspotapp.com
                                                                                                                                        2024-09-30 12:20:01 UTC128OUTData Raw: 68 69 64 3d 30 5f 63 33 32 32 34 34 63 31 5f 31 5f 62 36 66 30 35 37 30 38 5f 32 5f 63 36 35 66 61 32 65 37 5f 34 5f 37 64 39 33 38 36 38 62 5f 26 6c 69 63 65 6e 73 65 5f 6b 65 79 5f 63 6f 64 65 3d 42 43 36 43 33 2d 31 43 30 30 31 2d 45 41 35 33 39 2d 33 44 44 38 44 2d 39 46 34 43 32 26 70 72 6f 64 75 63 74 5f 69 64 3d 31 31 34 26 70 72 6f 64 75 63 74 5f 76 65 72 73 69 6f 6e 3d 33
                                                                                                                                        Data Ascii: hid=0_c32244c1_1_b6f05708_2_c65fa2e7_4_7d93868b_&license_key_code=BC6C3-1C001-EA539-3DD8D-9F4C2&product_id=114&product_version=3
                                                                                                                                        2024-09-30 12:20:02 UTC411INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx/1.20.2
                                                                                                                                        Date: Mon, 30 Sep 2024 12:20:02 GMT
                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: close
                                                                                                                                        X-Powered-By: PHP/7.3.33
                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                        Pragma: no-cache
                                                                                                                                        Set-Cookie: PHPSESSID=ba41ef4dff5125f0691bce461dc4d28a; path=/
                                                                                                                                        Strict-Transport-Security: max-age=31536000;
                                                                                                                                        2024-09-30 12:20:02 UTC5483INData Raw: 65 37 36 0d 0a 6d 76 43 49 35 51 79 78 32 51 6c 4d 43 33 2b 69 68 39 63 44 33 44 34 59 4a 34 76 6c 77 35 39 4d 4d 4d 33 46 65 56 31 47 55 59 58 57 4a 54 63 67 69 35 6d 48 43 45 63 6b 48 58 66 47 74 50 43 58 48 74 61 51 74 78 57 30 43 34 30 63 73 46 6b 6e 36 61 46 2b 4e 45 72 73 67 33 57 49 69 7a 4e 41 57 65 70 43 6f 56 59 47 73 75 7a 67 5a 39 6d 4a 37 36 52 41 6f 6d 30 52 71 35 54 68 58 44 73 66 4b 6b 6d 6c 6c 47 4f 49 65 2b 74 79 72 63 4f 7a 4e 58 54 4d 38 68 44 37 62 2f 52 39 7a 6d 38 77 52 6c 53 35 72 39 41 41 33 34 66 42 47 67 38 61 58 73 30 46 53 74 74 45 78 51 71 65 4b 31 4c 67 67 4e 34 46 76 50 34 69 34 6d 74 71 2f 39 72 44 72 51 47 48 4e 2b 58 50 51 2f 42 58 56 51 4c 38 69 64 73 34 75 6e 66 4c 54 72 63 34 65 34 30 58 6a 71 73 51 50 4a 41 30 70 48
                                                                                                                                        Data Ascii: e76mvCI5Qyx2QlMC3+ih9cD3D4YJ4vlw59MMM3FeV1GUYXWJTcgi5mHCEckHXfGtPCXHtaQtxW0C40csFkn6aF+NErsg3WIizNAWepCoVYGsuzgZ9mJ76RAom0Rq5ThXDsfKkmllGOIe+tyrcOzNXTM8hD7b/R9zm8wRlS5r9AA34fBGg8aXs0FSttExQqeK1LggN4FvP4i4mtq/9rDrQGHN+XPQ/BXVQL8ids4unfLTrc4e40XjqsQPJA0pH


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        10192.168.2.44975666.135.20.63443928C:\Program Files\NetSpot\NetSpot.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        2024-09-30 12:20:32 UTC176OUTPOST /activator/ HTTP/1.1
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                        User-Agent: activator
                                                                                                                                        Content-Length: 128
                                                                                                                                        Host: updates.netspotapp.com
                                                                                                                                        2024-09-30 12:20:32 UTC128OUTData Raw: 68 69 64 3d 30 5f 63 33 32 32 34 34 63 31 5f 31 5f 62 36 66 30 35 37 30 38 5f 32 5f 63 36 35 66 61 32 65 37 5f 34 5f 37 64 39 33 38 36 38 62 5f 26 6c 69 63 65 6e 73 65 5f 6b 65 79 5f 63 6f 64 65 3d 42 43 36 43 33 2d 31 43 30 30 31 2d 45 41 35 33 39 2d 33 44 44 38 44 2d 39 46 34 43 32 26 70 72 6f 64 75 63 74 5f 69 64 3d 31 31 34 26 70 72 6f 64 75 63 74 5f 76 65 72 73 69 6f 6e 3d 33
                                                                                                                                        Data Ascii: hid=0_c32244c1_1_b6f05708_2_c65fa2e7_4_7d93868b_&license_key_code=BC6C3-1C001-EA539-3DD8D-9F4C2&product_id=114&product_version=3
                                                                                                                                        2024-09-30 12:20:33 UTC411INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx/1.20.2
                                                                                                                                        Date: Mon, 30 Sep 2024 12:20:33 GMT
                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: close
                                                                                                                                        X-Powered-By: PHP/7.3.33
                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                        Pragma: no-cache
                                                                                                                                        Set-Cookie: PHPSESSID=9c0d148aac2edf73678306d1f0df1495; path=/
                                                                                                                                        Strict-Transport-Security: max-age=31536000;
                                                                                                                                        2024-09-30 12:20:33 UTC5483INData Raw: 65 37 36 0d 0a 6d 76 43 49 35 51 79 78 32 51 6c 4d 43 33 2b 69 68 39 63 44 33 44 34 59 4a 34 76 6c 77 35 39 4d 4d 4d 33 46 65 56 31 47 55 59 58 57 4a 54 63 67 69 35 6d 48 43 45 63 6b 48 58 66 47 74 50 43 58 48 74 61 51 74 78 57 30 43 34 30 63 73 46 6b 6e 36 61 46 2b 4e 45 72 73 67 33 57 49 69 7a 4e 41 57 65 70 43 6f 56 59 47 73 75 7a 67 5a 39 6d 4a 37 36 52 41 6f 6d 30 52 71 35 54 68 58 44 73 66 4b 6b 6d 6c 6c 47 4f 49 65 2b 74 79 72 63 4f 7a 4e 58 54 4d 38 68 44 37 62 2f 52 39 7a 6d 38 77 52 6c 53 35 72 39 41 41 33 34 66 42 47 67 38 61 58 73 30 46 53 74 74 45 78 51 71 65 4b 31 4c 67 67 4e 34 46 76 50 34 69 34 6d 74 71 2f 39 72 44 72 51 47 48 4e 2b 58 50 51 2f 42 58 56 51 4c 38 69 64 73 34 75 6e 66 4c 54 72 63 34 65 34 30 58 6a 71 73 51 50 4a 41 30 70 48
                                                                                                                                        Data Ascii: e76mvCI5Qyx2QlMC3+ih9cD3D4YJ4vlw59MMM3FeV1GUYXWJTcgi5mHCEckHXfGtPCXHtaQtxW0C40csFkn6aF+NErsg3WIizNAWepCoVYGsuzgZ9mJ76RAom0Rq5ThXDsfKkmllGOIe+tyrcOzNXTM8hD7b/R9zm8wRlS5r9AA34fBGg8aXs0FSttExQqeK1LggN4FvP4i4mtq/9rDrQGHN+XPQ/BXVQL8ids4unfLTrc4e40XjqsQPJA0pH


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        11192.168.2.44975766.135.20.63443928C:\Program Files\NetSpot\NetSpot.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        2024-09-30 12:20:37 UTC176OUTPOST /activator/ HTTP/1.1
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                        User-Agent: activator
                                                                                                                                        Content-Length: 128
                                                                                                                                        Host: updates.netspotapp.com
                                                                                                                                        2024-09-30 12:20:37 UTC128OUTData Raw: 68 69 64 3d 30 5f 63 33 32 32 34 34 63 31 5f 31 5f 62 36 66 30 35 37 30 38 5f 32 5f 63 36 35 66 61 32 65 37 5f 34 5f 37 64 39 33 38 36 38 62 5f 26 6c 69 63 65 6e 73 65 5f 6b 65 79 5f 63 6f 64 65 3d 42 43 36 43 33 2d 31 43 30 30 31 2d 45 41 35 33 39 2d 33 44 44 38 44 2d 39 46 34 43 32 26 70 72 6f 64 75 63 74 5f 69 64 3d 31 31 34 26 70 72 6f 64 75 63 74 5f 76 65 72 73 69 6f 6e 3d 33
                                                                                                                                        Data Ascii: hid=0_c32244c1_1_b6f05708_2_c65fa2e7_4_7d93868b_&license_key_code=BC6C3-1C001-EA539-3DD8D-9F4C2&product_id=114&product_version=3
                                                                                                                                        2024-09-30 12:20:38 UTC411INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx/1.20.2
                                                                                                                                        Date: Mon, 30 Sep 2024 12:20:38 GMT
                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: close
                                                                                                                                        X-Powered-By: PHP/7.3.33
                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                        Pragma: no-cache
                                                                                                                                        Set-Cookie: PHPSESSID=52c08a0fc32950e0fb7bda293071f295; path=/
                                                                                                                                        Strict-Transport-Security: max-age=31536000;
                                                                                                                                        2024-09-30 12:20:38 UTC5483INData Raw: 65 37 36 0d 0a 6d 76 43 49 35 51 79 78 32 51 6c 4d 43 33 2b 69 68 39 63 44 33 44 34 59 4a 34 76 6c 77 35 39 4d 4d 4d 33 46 65 56 31 47 55 59 58 57 4a 54 63 67 69 35 6d 48 43 45 63 6b 48 58 66 47 74 50 43 58 48 74 61 51 74 78 57 30 43 34 30 63 73 46 6b 6e 36 61 46 2b 4e 45 72 73 67 33 57 49 69 7a 4e 41 57 65 70 43 6f 56 59 47 73 75 7a 67 5a 39 6d 4a 37 36 52 41 6f 6d 30 52 71 35 54 68 58 44 73 66 4b 6b 6d 6c 6c 47 4f 49 65 2b 74 79 72 63 4f 7a 4e 58 54 4d 38 68 44 37 62 2f 52 39 7a 6d 38 77 52 6c 53 35 72 39 41 41 33 34 66 42 47 67 38 61 58 73 30 46 53 74 74 45 78 51 71 65 4b 31 4c 67 67 4e 34 46 76 50 34 69 34 6d 74 71 2f 39 72 44 72 51 47 48 4e 2b 58 50 51 2f 42 58 56 51 4c 38 69 64 73 34 75 6e 66 4c 54 72 63 34 65 34 30 58 6a 71 73 51 50 4a 41 30 70 48
                                                                                                                                        Data Ascii: e76mvCI5Qyx2QlMC3+ih9cD3D4YJ4vlw59MMM3FeV1GUYXWJTcgi5mHCEckHXfGtPCXHtaQtxW0C40csFkn6aF+NErsg3WIizNAWepCoVYGsuzgZ9mJ76RAom0Rq5ThXDsfKkmllGOIe+tyrcOzNXTM8hD7b/R9zm8wRlS5r9AA34fBGg8aXs0FSttExQqeK1LggN4FvP4i4mtq/9rDrQGHN+XPQ/BXVQL8ids4unfLTrc4e40XjqsQPJA0pH


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        12192.168.2.44975866.135.20.63443928C:\Program Files\NetSpot\NetSpot.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        2024-09-30 12:20:41 UTC176OUTPOST /activator/ HTTP/1.1
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                        User-Agent: activator
                                                                                                                                        Content-Length: 128
                                                                                                                                        Host: updates.netspotapp.com
                                                                                                                                        2024-09-30 12:20:41 UTC128OUTData Raw: 68 69 64 3d 30 5f 63 33 32 32 34 34 63 31 5f 31 5f 62 36 66 30 35 37 30 38 5f 32 5f 63 36 35 66 61 32 65 37 5f 34 5f 37 64 39 33 38 36 38 62 5f 26 6c 69 63 65 6e 73 65 5f 6b 65 79 5f 63 6f 64 65 3d 42 43 36 43 33 2d 31 43 30 30 31 2d 45 41 35 33 39 2d 33 44 44 38 44 2d 39 46 34 43 32 26 70 72 6f 64 75 63 74 5f 69 64 3d 31 31 34 26 70 72 6f 64 75 63 74 5f 76 65 72 73 69 6f 6e 3d 33
                                                                                                                                        Data Ascii: hid=0_c32244c1_1_b6f05708_2_c65fa2e7_4_7d93868b_&license_key_code=BC6C3-1C001-EA539-3DD8D-9F4C2&product_id=114&product_version=3
                                                                                                                                        2024-09-30 12:20:41 UTC411INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx/1.20.2
                                                                                                                                        Date: Mon, 30 Sep 2024 12:20:41 GMT
                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: close
                                                                                                                                        X-Powered-By: PHP/7.3.33
                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                        Pragma: no-cache
                                                                                                                                        Set-Cookie: PHPSESSID=2272326baa503e04e5bbdd0d0729adeb; path=/
                                                                                                                                        Strict-Transport-Security: max-age=31536000;
                                                                                                                                        2024-09-30 12:20:41 UTC5483INData Raw: 65 37 36 0d 0a 6d 76 43 49 35 51 79 78 32 51 6c 4d 43 33 2b 69 68 39 63 44 33 44 34 59 4a 34 76 6c 77 35 39 4d 4d 4d 33 46 65 56 31 47 55 59 58 57 4a 54 63 67 69 35 6d 48 43 45 63 6b 48 58 66 47 74 50 43 58 48 74 61 51 74 78 57 30 43 34 30 63 73 46 6b 6e 36 61 46 2b 4e 45 72 73 67 33 57 49 69 7a 4e 41 57 65 70 43 6f 56 59 47 73 75 7a 67 5a 39 6d 4a 37 36 52 41 6f 6d 30 52 71 35 54 68 58 44 73 66 4b 6b 6d 6c 6c 47 4f 49 65 2b 74 79 72 63 4f 7a 4e 58 54 4d 38 68 44 37 62 2f 52 39 7a 6d 38 77 52 6c 53 35 72 39 41 41 33 34 66 42 47 67 38 61 58 73 30 46 53 74 74 45 78 51 71 65 4b 31 4c 67 67 4e 34 46 76 50 34 69 34 6d 74 71 2f 39 72 44 72 51 47 48 4e 2b 58 50 51 2f 42 58 56 51 4c 38 69 64 73 34 75 6e 66 4c 54 72 63 34 65 34 30 58 6a 71 73 51 50 4a 41 30 70 48
                                                                                                                                        Data Ascii: e76mvCI5Qyx2QlMC3+ih9cD3D4YJ4vlw59MMM3FeV1GUYXWJTcgi5mHCEckHXfGtPCXHtaQtxW0C40csFkn6aF+NErsg3WIizNAWepCoVYGsuzgZ9mJ76RAom0Rq5ThXDsfKkmllGOIe+tyrcOzNXTM8hD7b/R9zm8wRlS5r9AA34fBGg8aXs0FSttExQqeK1LggN4FvP4i4mtq/9rDrQGHN+XPQ/BXVQL8ids4unfLTrc4e40XjqsQPJA0pH


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        13192.168.2.44975966.135.20.63443928C:\Program Files\NetSpot\NetSpot.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        2024-09-30 12:20:52 UTC176OUTPOST /activator/ HTTP/1.1
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                        User-Agent: activator
                                                                                                                                        Content-Length: 128
                                                                                                                                        Host: updates.netspotapp.com
                                                                                                                                        2024-09-30 12:20:52 UTC128OUTData Raw: 68 69 64 3d 30 5f 63 33 32 32 34 34 63 31 5f 31 5f 62 36 66 30 35 37 30 38 5f 32 5f 63 36 35 66 61 32 65 37 5f 34 5f 37 64 39 33 38 36 38 62 5f 26 6c 69 63 65 6e 73 65 5f 6b 65 79 5f 63 6f 64 65 3d 42 43 36 43 33 2d 31 43 30 30 31 2d 45 41 35 33 39 2d 33 44 44 38 44 2d 39 46 34 43 32 26 70 72 6f 64 75 63 74 5f 69 64 3d 31 31 34 26 70 72 6f 64 75 63 74 5f 76 65 72 73 69 6f 6e 3d 33
                                                                                                                                        Data Ascii: hid=0_c32244c1_1_b6f05708_2_c65fa2e7_4_7d93868b_&license_key_code=BC6C3-1C001-EA539-3DD8D-9F4C2&product_id=114&product_version=3
                                                                                                                                        2024-09-30 12:20:53 UTC411INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx/1.20.2
                                                                                                                                        Date: Mon, 30 Sep 2024 12:20:53 GMT
                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: close
                                                                                                                                        X-Powered-By: PHP/7.3.33
                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                        Pragma: no-cache
                                                                                                                                        Set-Cookie: PHPSESSID=697530c9f6b99e5e801bf55fe8e9d50e; path=/
                                                                                                                                        Strict-Transport-Security: max-age=31536000;
                                                                                                                                        2024-09-30 12:20:53 UTC5483INData Raw: 65 37 36 0d 0a 6d 76 43 49 35 51 79 78 32 51 6c 4d 43 33 2b 69 68 39 63 44 33 44 34 59 4a 34 76 6c 77 35 39 4d 4d 4d 33 46 65 56 31 47 55 59 58 57 4a 54 63 67 69 35 6d 48 43 45 63 6b 48 58 66 47 74 50 43 58 48 74 61 51 74 78 57 30 43 34 30 63 73 46 6b 6e 36 61 46 2b 4e 45 72 73 67 33 57 49 69 7a 4e 41 57 65 70 43 6f 56 59 47 73 75 7a 67 5a 39 6d 4a 37 36 52 41 6f 6d 30 52 71 35 54 68 58 44 73 66 4b 6b 6d 6c 6c 47 4f 49 65 2b 74 79 72 63 4f 7a 4e 58 54 4d 38 68 44 37 62 2f 52 39 7a 6d 38 77 52 6c 53 35 72 39 41 41 33 34 66 42 47 67 38 61 58 73 30 46 53 74 74 45 78 51 71 65 4b 31 4c 67 67 4e 34 46 76 50 34 69 34 6d 74 71 2f 39 72 44 72 51 47 48 4e 2b 58 50 51 2f 42 58 56 51 4c 38 69 64 73 34 75 6e 66 4c 54 72 63 34 65 34 30 58 6a 71 73 51 50 4a 41 30 70 48
                                                                                                                                        Data Ascii: e76mvCI5Qyx2QlMC3+ih9cD3D4YJ4vlw59MMM3FeV1GUYXWJTcgi5mHCEckHXfGtPCXHtaQtxW0C40csFkn6aF+NErsg3WIizNAWepCoVYGsuzgZ9mJ76RAom0Rq5ThXDsfKkmllGOIe+tyrcOzNXTM8hD7b/R9zm8wRlS5r9AA34fBGg8aXs0FSttExQqeK1LggN4FvP4i4mtq/9rDrQGHN+XPQ/BXVQL8ids4unfLTrc4e40XjqsQPJA0pH


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        14192.168.2.44976066.135.20.63443928C:\Program Files\NetSpot\NetSpot.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        2024-09-30 12:20:57 UTC176OUTPOST /activator/ HTTP/1.1
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                        User-Agent: activator
                                                                                                                                        Content-Length: 128
                                                                                                                                        Host: updates.netspotapp.com
                                                                                                                                        2024-09-30 12:20:57 UTC128OUTData Raw: 68 69 64 3d 30 5f 63 33 32 32 34 34 63 31 5f 31 5f 62 36 66 30 35 37 30 38 5f 32 5f 63 36 35 66 61 32 65 37 5f 34 5f 37 64 39 33 38 36 38 62 5f 26 6c 69 63 65 6e 73 65 5f 6b 65 79 5f 63 6f 64 65 3d 42 43 36 43 33 2d 31 43 30 30 31 2d 45 41 35 33 39 2d 33 44 44 38 44 2d 39 46 34 43 32 26 70 72 6f 64 75 63 74 5f 69 64 3d 31 31 34 26 70 72 6f 64 75 63 74 5f 76 65 72 73 69 6f 6e 3d 33
                                                                                                                                        Data Ascii: hid=0_c32244c1_1_b6f05708_2_c65fa2e7_4_7d93868b_&license_key_code=BC6C3-1C001-EA539-3DD8D-9F4C2&product_id=114&product_version=3
                                                                                                                                        2024-09-30 12:20:57 UTC411INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx/1.20.2
                                                                                                                                        Date: Mon, 30 Sep 2024 12:20:57 GMT
                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: close
                                                                                                                                        X-Powered-By: PHP/7.3.33
                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                        Pragma: no-cache
                                                                                                                                        Set-Cookie: PHPSESSID=d32d71f7b675f21f58838741e08f33e6; path=/
                                                                                                                                        Strict-Transport-Security: max-age=31536000;
                                                                                                                                        2024-09-30 12:20:57 UTC5483INData Raw: 65 37 36 0d 0a 6d 76 43 49 35 51 79 78 32 51 6c 4d 43 33 2b 69 68 39 63 44 33 44 34 59 4a 34 76 6c 77 35 39 4d 4d 4d 33 46 65 56 31 47 55 59 58 57 4a 54 63 67 69 35 6d 48 43 45 63 6b 48 58 66 47 74 50 43 58 48 74 61 51 74 78 57 30 43 34 30 63 73 46 6b 6e 36 61 46 2b 4e 45 72 73 67 33 57 49 69 7a 4e 41 57 65 70 43 6f 56 59 47 73 75 7a 67 5a 39 6d 4a 37 36 52 41 6f 6d 30 52 71 35 54 68 58 44 73 66 4b 6b 6d 6c 6c 47 4f 49 65 2b 74 79 72 63 4f 7a 4e 58 54 4d 38 68 44 37 62 2f 52 39 7a 6d 38 77 52 6c 53 35 72 39 41 41 33 34 66 42 47 67 38 61 58 73 30 46 53 74 74 45 78 51 71 65 4b 31 4c 67 67 4e 34 46 76 50 34 69 34 6d 74 71 2f 39 72 44 72 51 47 48 4e 2b 58 50 51 2f 42 58 56 51 4c 38 69 64 73 34 75 6e 66 4c 54 72 63 34 65 34 30 58 6a 71 73 51 50 4a 41 30 70 48
                                                                                                                                        Data Ascii: e76mvCI5Qyx2QlMC3+ih9cD3D4YJ4vlw59MMM3FeV1GUYXWJTcgi5mHCEckHXfGtPCXHtaQtxW0C40csFkn6aF+NErsg3WIizNAWepCoVYGsuzgZ9mJ76RAom0Rq5ThXDsfKkmllGOIe+tyrcOzNXTM8hD7b/R9zm8wRlS5r9AA34fBGg8aXs0FSttExQqeK1LggN4FvP4i4mtq/9rDrQGHN+XPQ/BXVQL8ids4unfLTrc4e40XjqsQPJA0pH


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        15192.168.2.44976166.135.20.63443928C:\Program Files\NetSpot\NetSpot.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        2024-09-30 12:21:25 UTC176OUTPOST /activator/ HTTP/1.1
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                        User-Agent: activator
                                                                                                                                        Content-Length: 128
                                                                                                                                        Host: updates.netspotapp.com
                                                                                                                                        2024-09-30 12:21:25 UTC128OUTData Raw: 68 69 64 3d 30 5f 63 33 32 32 34 34 63 31 5f 31 5f 62 36 66 30 35 37 30 38 5f 32 5f 63 36 35 66 61 32 65 37 5f 34 5f 37 64 39 33 38 36 38 62 5f 26 6c 69 63 65 6e 73 65 5f 6b 65 79 5f 63 6f 64 65 3d 42 43 36 43 33 2d 31 43 30 30 31 2d 45 41 35 33 39 2d 33 44 44 38 44 2d 39 46 34 43 32 26 70 72 6f 64 75 63 74 5f 69 64 3d 31 31 34 26 70 72 6f 64 75 63 74 5f 76 65 72 73 69 6f 6e 3d 33
                                                                                                                                        Data Ascii: hid=0_c32244c1_1_b6f05708_2_c65fa2e7_4_7d93868b_&license_key_code=BC6C3-1C001-EA539-3DD8D-9F4C2&product_id=114&product_version=3
                                                                                                                                        2024-09-30 12:21:25 UTC411INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx/1.20.2
                                                                                                                                        Date: Mon, 30 Sep 2024 12:21:25 GMT
                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: close
                                                                                                                                        X-Powered-By: PHP/7.3.33
                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                        Pragma: no-cache
                                                                                                                                        Set-Cookie: PHPSESSID=7850f708358e26e8469d01d028edae8d; path=/
                                                                                                                                        Strict-Transport-Security: max-age=31536000;
                                                                                                                                        2024-09-30 12:21:25 UTC5483INData Raw: 65 37 36 0d 0a 6d 76 43 49 35 51 79 78 32 51 6c 4d 43 33 2b 69 68 39 63 44 33 44 34 59 4a 34 76 6c 77 35 39 4d 4d 4d 33 46 65 56 31 47 55 59 58 57 4a 54 63 67 69 35 6d 48 43 45 63 6b 48 58 66 47 74 50 43 58 48 74 61 51 74 78 57 30 43 34 30 63 73 46 6b 6e 36 61 46 2b 4e 45 72 73 67 33 57 49 69 7a 4e 41 57 65 70 43 6f 56 59 47 73 75 7a 67 5a 39 6d 4a 37 36 52 41 6f 6d 30 52 71 35 54 68 58 44 73 66 4b 6b 6d 6c 6c 47 4f 49 65 2b 74 79 72 63 4f 7a 4e 58 54 4d 38 68 44 37 62 2f 52 39 7a 6d 38 77 52 6c 53 35 72 39 41 41 33 34 66 42 47 67 38 61 58 73 30 46 53 74 74 45 78 51 71 65 4b 31 4c 67 67 4e 34 46 76 50 34 69 34 6d 74 71 2f 39 72 44 72 51 47 48 4e 2b 58 50 51 2f 42 58 56 51 4c 38 69 64 73 34 75 6e 66 4c 54 72 63 34 65 34 30 58 6a 71 73 51 50 4a 41 30 70 48
                                                                                                                                        Data Ascii: e76mvCI5Qyx2QlMC3+ih9cD3D4YJ4vlw59MMM3FeV1GUYXWJTcgi5mHCEckHXfGtPCXHtaQtxW0C40csFkn6aF+NErsg3WIizNAWepCoVYGsuzgZ9mJ76RAom0Rq5ThXDsfKkmllGOIe+tyrcOzNXTM8hD7b/R9zm8wRlS5r9AA34fBGg8aXs0FSttExQqeK1LggN4FvP4i4mtq/9rDrQGHN+XPQ/BXVQL8ids4unfLTrc4e40XjqsQPJA0pH


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        16192.168.2.44976266.135.20.63443928C:\Program Files\NetSpot\NetSpot.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        2024-09-30 12:21:36 UTC176OUTPOST /activator/ HTTP/1.1
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                        User-Agent: activator
                                                                                                                                        Content-Length: 128
                                                                                                                                        Host: updates.netspotapp.com
                                                                                                                                        2024-09-30 12:21:36 UTC128OUTData Raw: 68 69 64 3d 30 5f 63 33 32 32 34 34 63 31 5f 31 5f 62 36 66 30 35 37 30 38 5f 32 5f 63 36 35 66 61 32 65 37 5f 34 5f 37 64 39 33 38 36 38 62 5f 26 6c 69 63 65 6e 73 65 5f 6b 65 79 5f 63 6f 64 65 3d 42 43 36 43 33 2d 31 43 30 30 31 2d 45 41 35 33 39 2d 33 44 44 38 44 2d 39 46 34 43 32 26 70 72 6f 64 75 63 74 5f 69 64 3d 31 31 34 26 70 72 6f 64 75 63 74 5f 76 65 72 73 69 6f 6e 3d 33
                                                                                                                                        Data Ascii: hid=0_c32244c1_1_b6f05708_2_c65fa2e7_4_7d93868b_&license_key_code=BC6C3-1C001-EA539-3DD8D-9F4C2&product_id=114&product_version=3
                                                                                                                                        2024-09-30 12:21:37 UTC411INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx/1.20.2
                                                                                                                                        Date: Mon, 30 Sep 2024 12:21:37 GMT
                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: close
                                                                                                                                        X-Powered-By: PHP/7.3.33
                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                        Pragma: no-cache
                                                                                                                                        Set-Cookie: PHPSESSID=06b1b80737562d28d5c1430fa1944f7a; path=/
                                                                                                                                        Strict-Transport-Security: max-age=31536000;
                                                                                                                                        2024-09-30 12:21:37 UTC5483INData Raw: 65 37 36 0d 0a 6d 76 43 49 35 51 79 78 32 51 6c 4d 43 33 2b 69 68 39 63 44 33 44 34 59 4a 34 76 6c 77 35 39 4d 4d 4d 33 46 65 56 31 47 55 59 58 57 4a 54 63 67 69 35 6d 48 43 45 63 6b 48 58 66 47 74 50 43 58 48 74 61 51 74 78 57 30 43 34 30 63 73 46 6b 6e 36 61 46 2b 4e 45 72 73 67 33 57 49 69 7a 4e 41 57 65 70 43 6f 56 59 47 73 75 7a 67 5a 39 6d 4a 37 36 52 41 6f 6d 30 52 71 35 54 68 58 44 73 66 4b 6b 6d 6c 6c 47 4f 49 65 2b 74 79 72 63 4f 7a 4e 58 54 4d 38 68 44 37 62 2f 52 39 7a 6d 38 77 52 6c 53 35 72 39 41 41 33 34 66 42 47 67 38 61 58 73 30 46 53 74 74 45 78 51 71 65 4b 31 4c 67 67 4e 34 46 76 50 34 69 34 6d 74 71 2f 39 72 44 72 51 47 48 4e 2b 58 50 51 2f 42 58 56 51 4c 38 69 64 73 34 75 6e 66 4c 54 72 63 34 65 34 30 58 6a 71 73 51 50 4a 41 30 70 48
                                                                                                                                        Data Ascii: e76mvCI5Qyx2QlMC3+ih9cD3D4YJ4vlw59MMM3FeV1GUYXWJTcgi5mHCEckHXfGtPCXHtaQtxW0C40csFkn6aF+NErsg3WIizNAWepCoVYGsuzgZ9mJ76RAom0Rq5ThXDsfKkmllGOIe+tyrcOzNXTM8hD7b/R9zm8wRlS5r9AA34fBGg8aXs0FSttExQqeK1LggN4FvP4i4mtq/9rDrQGHN+XPQ/BXVQL8ids4unfLTrc4e40XjqsQPJA0pH


                                                                                                                                        Statistics

                                                                                                                                        CPU Usage

                                                                                                                                        Click to jump to process

                                                                                                                                        Memory Usage

                                                                                                                                        Click to jump to process

                                                                                                                                        High Level Behavior Distribution

                                                                                                                                        Click to dive into process behavior distribution

                                                                                                                                        Behavior

                                                                                                                                        Click to jump to process

                                                                                                                                        System Behavior

                                                                                                                                        General

                                                                                                                                        Target ID:0
                                                                                                                                        Start time:08:17:43
                                                                                                                                        Start date:30/09/2024
                                                                                                                                        Path:C:\Users\user\Desktop\NetSpot.exe
                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                        Commandline:"C:\Users\user\Desktop\NetSpot.exe"
                                                                                                                                        Imagebase:0x400000
                                                                                                                                        File size:83'966'680 bytes
                                                                                                                                        MD5 hash:8CE5F5B39CD7AB4A9B227068D3F3B12A
                                                                                                                                        Has elevated privileges:true
                                                                                                                                        Has administrator privileges:true
                                                                                                                                        Programmed in:Borland Delphi
                                                                                                                                        Reputation:low
                                                                                                                                        Has exited:true

                                                                                                                                        General

                                                                                                                                        Target ID:1
                                                                                                                                        Start time:08:17:44
                                                                                                                                        Start date:30/09/2024
                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp" /SL5="$1042E,82973157,925184,C:\Users\user\Desktop\NetSpot.exe"
                                                                                                                                        Imagebase:0x400000
                                                                                                                                        File size:3'268'288 bytes
                                                                                                                                        MD5 hash:2498951C33DB1793078FDA96E0A95FEB
                                                                                                                                        Has elevated privileges:true
                                                                                                                                        Has administrator privileges:true
                                                                                                                                        Programmed in:Borland Delphi
                                                                                                                                        Reputation:low
                                                                                                                                        Has exited:true

                                                                                                                                        General

                                                                                                                                        Target ID:4
                                                                                                                                        Start time:08:18:01
                                                                                                                                        Start date:30/09/2024
                                                                                                                                        Path:C:\Program Files\NetSpot\NetSpot.exe
                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                        Commandline:"C:\Program Files\NetSpot\NetSpot.exe" -firstrun
                                                                                                                                        Imagebase:0x257c2370000
                                                                                                                                        File size:463'552 bytes
                                                                                                                                        MD5 hash:5D11AE8FEF71CFFF200D1A28CAAB6BFC
                                                                                                                                        Has elevated privileges:true
                                                                                                                                        Has administrator privileges:true
                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                        Reputation:low
                                                                                                                                        Has exited:false

                                                                                                                                        Disassembly

                                                                                                                                        No disassembly