Arrival_Notice-AutonotificationimportsEUR-sealandmaersk.com_october2021.vbs

Status: finished
Submission Time: 2021-10-12 04:24:18 +02:00
Malicious
Trojan
Evader
Ransomware
Spyware
Exploiter
Miner
GuLoader, RemCom RemoteAdmin Mimikatz HawkEye Immi

Comments

Tags

  • GuLoader
  • vbs

Details

  • Analysis ID:
    500597
  • API (Web) ID:
    868173
  • Analysis Started:
    2021-10-12 04:28:30 +02:00
  • Analysis Finished:
    2021-10-12 04:57:56 +02:00
  • MD5:
    3db65d6cb8c8f1b0e97dfc293d28e295
  • SHA1:
    c3fb70c3613ccdcdac2e4a12df17551ab93a88a4
  • SHA256:
    6394c4e126b8ef4cf8e66d43a54cfd42fd86b3003292f621f0ca427bc12051d8
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Score: 92
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
malicious
Score: 100
System: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run Condition: Suspected Instruction Hammering

Third Party Analysis Engines

malicious
Score: 12/90
malicious
Score: 6/45
malicious

IPs

IP Country Detection
193.104.197.90
unknown
178.32.63.50
France

Domains

Name IP Detection
septnet.duckdns.org
193.104.197.90

URLs

Name Detection

Dropped files

Name File Type Hashes Detection