Windows Analysis Report
SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Overview

General Information

Sample name:	SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe
Analysis ID:	1436481
MD5:	99f74d2572735bbacb8251a73e9cb312
SHA1:	5a43d2e4314e32572d6399ec61175f42af567822
SHA256:	b68bf709ac86ed32664e0e2ddd27da386281480979860e95240ced16f50fd926
Tags:	exe
Infos:

Detection

Score:	31
Range:	0 - 100
Whitelisted:	false
Confidence:	0%

Compliance

Score:	33
Range:	0 - 100

Signatures

Found direct / indirect Syscall (likely to bypass EDR)

AV process strings found (often used to terminate AV products)

Contains functionality for read data from the clipboard

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to enumerate running services

Contains functionality to launch a program with higher privileges

Contains functionality to modify clipboard data

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to retrieve information about pressed keystrokes

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates COM task schedule object (often to register a task for autostart)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Drops files with a non-matching file extension (content does not match file extension)

EXE planting / hijacking vulnerabilities found

Enables debug privileges

Extensive use of GetProcAddress (often used to hide API calls)

File is packed with WinRar

Form action URLs do not match main URL

Found dropped PE file which has not been started or loaded

Found evasive API chain (date check)

Found iframes

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTML title does not match URL

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

PE file does not import any functions

Queries information about the installed CPU (vendor, model number etc)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Uses the system / local time for branch decision (may execute only at specific dates)

Classification

Signatures

Privilege Escalation

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\testlasso.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\CPUEater.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\ThreadRacer.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\ProcessLassoLauncher.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: PostUpdate.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\TweakScheduler.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\vistammsc.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\InstallHelper.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\ProcessLasso.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\ProcessGovernor.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\Insights.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\LogViewer.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\plActivate.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\bitsumsessionagent.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\PostUpdate.exe	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	EXE: C:\Users\user\Desktop\QuickUpgrade.exe	Jump to behavior

Phishing

Form action URLs do not match main URL

Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Form action: https://wordpress.com/email-subscriptions bitsum wordpress
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Form action: https://wordpress.com/email-subscriptions bitsum wordpress
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Form action: https://wordpress.com/email-subscriptions bitsum wordpress
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Form action: https://wordpress.com/email-subscriptions bitsum wordpress
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Form action: https://wordpress.com/email-subscriptions bitsum wordpress
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Form action: https://wordpress.com/email-subscriptions bitsum wordpress
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Form action: https://wordpress.com/email-subscriptions bitsum wordpress
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Form action: https://wordpress.com/email-subscriptions bitsum wordpress
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Form action: https://wordpress.com/email-subscriptions bitsum wordpress
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Form action: https://wordpress.com/email-subscriptions bitsum wordpress
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Form action: https://wordpress.com/email-subscriptions bitsum wordpress

Found iframes

Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Iframe src: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html#url=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&title=Get%20Process%20Lasso%20Pro&referrer=&muid=NA&sid=NA&version=6&preview=false
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Iframe src: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html#url=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&title=Get%20Process%20Lasso%20Pro&referrer=&muid=NA&sid=NA&version=6&preview=false
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Iframe src: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html#url=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&title=Get%20Process%20Lasso%20Pro&referrer=&muid=NA&sid=NA&version=6&preview=false
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Iframe src: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html#url=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&title=Get%20Process%20Lasso%20Pro&referrer=&muid=NA&sid=NA&version=6&preview=false
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Iframe src: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html#url=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&title=Get%20Process%20Lasso%20Pro&referrer=&muid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9&sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65&version=6&preview=false
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Iframe src: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html#url=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&title=Get%20Process%20Lasso%20Pro&referrer=&muid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9&sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65&version=6&preview=false
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Iframe src: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html#url=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&title=Get%20Process%20Lasso%20Pro&referrer=&muid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9&sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65&version=6&preview=false
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Iframe src: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html#url=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&title=Get%20Process%20Lasso%20Pro&referrer=&muid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9&sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65&version=6&preview=false
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Iframe src: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html#url=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&title=Get%20Process%20Lasso%20Pro&referrer=&muid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9&sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65&version=6&preview=false
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Iframe src: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html#url=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&title=Get%20Process%20Lasso%20Pro&referrer=&muid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9&sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65&version=6&preview=false
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Iframe src: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html#url=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&title=Get%20Process%20Lasso%20Pro&referrer=&muid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9&sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65&version=6&preview=false

HTML title does not match URL

Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1

HTTP Parser: Title: Get Process Lasso Pro does not match URL

Source: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html#url=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&title=Get%20Process%20Lasso%20Pro&referrer=&muid=NA&sid=NA&version=6&preview=false	HTTP Parser: No favicon
Source: https://m.stripe.network/inner.html#url=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&title=Get%20Process%20Lasso%20Pro&referrer=&muid=NA&sid=NA&version=6&preview=false	HTTP Parser: No favicon
Source: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html#url=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&title=Get%20Process%20Lasso%20Pro&referrer=&muid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9&sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65&version=6&preview=false	HTTP Parser: No favicon

Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="author".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="author".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="author".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="author".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="author".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="author".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="author".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="author".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="author".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="author".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="author".. found

Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="copyright".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="copyright".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="copyright".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="copyright".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="copyright".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="copyright".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="copyright".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="copyright".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="copyright".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="copyright".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="copyright".. found

Compliance

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\testlasso.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\CPUEater.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\ThreadRacer.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\ProcessLassoLauncher.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: PostUpdate.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\TweakScheduler.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\vistammsc.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\InstallHelper.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\ProcessLasso.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\ProcessGovernor.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\Insights.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\LogViewer.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\plActivate.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\bitsumsessionagent.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\PostUpdate.exe	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	EXE: C:\Users\user\Desktop\QuickUpgrade.exe	Jump to behavior

Uses 32bit PE files

Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Static PE information: certificate valid

Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49910 version: TLS 1.2

Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_korean.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000083A2000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_korean.dll.0.dr
Source:	Binary string: c:\pl\output\pl_rsrc_polish.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008574000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_polish.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\LogViewer.pdb source: LogViewer.exe.0.dr
Source:	Binary string: c:\pl\output\pl_rsrc_ptbr.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008748000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_ptbr.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_french.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007B26000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_french.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_bulgarian.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000072C5000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_bulgarian.dll.0.dr
Source:	Binary string: c:\pl\output\testlasso.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007116000.00000004.00000020.00020000.00000000.sdmp, testlasso.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_japanese.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000081B6000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_japanese.dll.0.dr
Source:	Binary string: c:\pl\output\PostUpdate.pdb source: PostUpdate.exe, 00000001.00000002.1688982027.00007FF6472C1000.00000002.00000001.01000000.00000009.sdmp, PostUpdate.exe, 00000001.00000000.1652854987.00007FF6472C1000.00000002.00000001.01000000.00000009.sdmp, PostUpdate.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_german.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007D10000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_german.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_chinese_traditional.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007661000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_chinese_traditional.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\QuickUpgrade.pdb$ source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, QuickUpgrade.exe.1.dr, QuickUpgrade.exe.Replacement.0.dr
Source:	Binary string: c:\pl\output\InstallHelper.pdbi source: InstallHelper.exe.0.dr
Source:	Binary string: c:\pl\output\PostUpdate.pdbZ source: PostUpdate.exe, 00000001.00000002.1688982027.00007FF6472C1000.00000002.00000001.01000000.00000009.sdmp, PostUpdate.exe, 00000001.00000000.1652854987.00007FF6472C1000.00000002.00000001.01000000.00000009.sdmp, PostUpdate.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\Insights.pdb source: Insights.exe.0.dr
Source:	Binary string: c:\pl\output\pl_rsrc_finnish.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000079F7000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_finnish.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_slovenian.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006B28000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_slovenian.dll.0.dr
Source:	Binary string: c:\pl\output\pl_rsrc_italian.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007F06000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_italian.dll.0.dr
Source:	Binary string: c:\pl\output\vistammsc.exe.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000726E000.00000004.00000020.00020000.00000000.sdmp, vistammsc.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_german.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007D10000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_german.dll.0.dr
Source:	Binary string: c:\pl\output\CPUEater.pdb` source: CPUEater.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\Insights.pdbd source: Insights.exe.0.dr
Source:	Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe
Source:	Binary string: c:\pl\output\pl_rsrc_russian.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000887A000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_russian.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_chinese.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000073BC000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_chinese.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\LogViewer.pdbJ source: LogViewer.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_french.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007B26000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_french.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_chinese.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000073BC000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_chinese.dll.0.dr
Source:	Binary string: c:\pl\output\ProcessLassoLauncher.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000070AC000.00000004.00000020.00020000.00000000.sdmp, ProcessLassoLauncher.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_slovenian.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006B28000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_slovenian.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\QuickUpgrade.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, QuickUpgrade.exe.1.dr, QuickUpgrade.exe.Replacement.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_bulgarian.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000072C5000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_bulgarian.dll.0.dr
Source:	Binary string: c:\pl\output\ProcessGovernor.pdbGCTL source: ProcessGovernor.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\x64\Release\bitsumsessionagent.pdb source: bitsumsessionagent.exe, 00000002.00000002.2879821342.00007FF7E99EB000.00000002.00000001.01000000.0000000C.sdmp, bitsumsessionagent.exe, 00000002.00000000.1663989043.00007FF7E99EB000.00000002.00000001.01000000.0000000C.sdmp, bitsumsessionagent.exe, 00000003.00000002.1688973134.00007FF7E99EB000.00000002.00000001.01000000.0000000C.sdmp, bitsumsessionagent.exe, 00000003.00000000.1680227560.00007FF7E99EB000.00000002.00000001.01000000.0000000C.sdmp, bitsumsessionagent.exe.0.dr
Source:	Binary string: c:\pl\output\pl_rsrc_finnish.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000079F7000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_finnish.dll.0.dr
Source:	Binary string: c:\pl\output\pl_rsrc_italian.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007F06000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_italian.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_chinese_traditional.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007661000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_chinese_traditional.dll.0.dr
Source:	Binary string: c:\pl\output\CPUEater.pdb source: CPUEater.exe.0.dr
Source:	Binary string: c:\pl\output\ProcessGovernor.pdb source: ProcessGovernor.exe.0.dr
Source:	Binary string: c:\pl\output\ThreadRacer.exe.pdbS source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007116000.00000004.00000020.00020000.00000000.sdmp, ThreadRacer.exe.0.dr
Source:	Binary string: c:\pl\output\pl_rsrc_russian.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000887A000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_russian.dll.0.dr
Source:	Binary string: c:\pl\output\InstallHelper.pdb source: InstallHelper.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_japanese.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000081B6000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_japanese.dll.0.dr
Source:	Binary string: c:\pl\output\vistammsc.exe.pdbY source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000726E000.00000004.00000020.00020000.00000000.sdmp, vistammsc.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_spanish.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006D11000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_spanish.dll.0.dr
Source:	Binary string: c:\pl\output\ThreadRacer.exe.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007116000.00000004.00000020.00020000.00000000.sdmp, ThreadRacer.exe.0.dr
Source:	Binary string: c:\pl\output\pl_rsrc_ptbr.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008748000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_ptbr.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\ProcessLasso.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp, ProcessLasso.exe, 00000004.00000000.1681252064.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe, 00000004.00000002.2882313735.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\plActivate.pdb source: plActivate.exe.0.dr

Spreading

Creates COM task schedule object (often to register a task for autostart)

Source: C:\Users\user\Desktop\PostUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_0045BA94 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,	0_2_0045BA94
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_0046D420 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,	0_2_0046D420
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472B6A84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	1_2_00007FF6472B6A84
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99E2048 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	2_2_00007FF7E99E2048
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CA21A0 DeleteFileW,DeleteFileW,RemoveDirectoryW,GetFileAttributesW,LoadStringW,LoadLibraryW,GetModuleHandleW,LoadStringW,MessageBoxW,FindFirstFileW,DeleteFileW,FindNextFileW,RemoveDirectoryW,GetFileAttributesW,	4_2_00007FF7E6CA21A0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CA1C60 FindFirstFileW,GetFileAttributesW,FindNextFileW,_invalid_parameter_noinfo,	4_2_00007FF7E6CA1C60

Networking

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 192.0.76.3 192.0.76.3
Source: Joe Sandbox View	IP Address: 192.0.76.3 192.0.76.3
Source: Joe Sandbox View	IP Address: 151.101.128.176 151.101.128.176

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Desktop\ProcessLasso.exe

Code function: 4_2_00007FF7E6CC46F0 InternetOpenUrlW,InternetCloseHandle,InternetReadFile,InternetCloseHandle,InternetCloseHandle,

4_2_00007FF7E6CC46F0

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=A2tp3zbaFOOWXvO&MD=VZaYXHLT HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-includes/css/dist/block-library/style.min.css?ver=35eac6e98b37c7568cceeeeb456d12a3 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=35eac6e98b37c7568cceeeeb456d12a3 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/easy-digital-downloads-pro/includes/blocks/assets/css/edd-blocks.css?ver=3.2.12 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/bitsum-wp//css/edd-supplemental-styles.css?ver=35eac6e98b37c7568cceeeeb456d12a3 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /v3/?ver=v3 HTTP/1.1Host: js.stripe.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/theme-my-login/assets/styles/theme-my-login.min.css?ver=7.1.7 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/nextgen-gallery/static/Lightbox/fancybox/jquery.fancybox-1.3.4.css?ver=3.59.2 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/easy-digital-downloads-pro/assets/css/edd.min.css?ver=3.2.12 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/edd-software-licensing/assets/css/edd-sl.css?ver=3.8.11 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/edd-multi-currency/assets/build/style-frontend.css?ver=1.1.1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/edd-recurring/assets/css/styles.css?ver=2.12.3 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/meminz/css/plugins.css?ver=20240503 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/meminz/style.css?ver=202306092 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/meminz/css/custom.css?ver=35eac6e98b37c7568cceeeeb456d12a3 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/meminz/skins/default/skin.css?ver=35eac6e98b37c7568cceeeeb456d12a3 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=7.6 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/tml-social/assets/styles/tml-social.min.css?ver=1.1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/jetpack/css/jetpack.css?ver=13.3.1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /?custom-css=c8bee26073 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; _ga_ZV0D0J286B=GS1.1.1714912397.1.0.1714912397.60.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/google-analytics-premium/assets/js/frontend-gtag.min.js?ver=8.26.0 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/jquery/jquery.min.js?ver=3.7.1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/nextgen-gallery/static/Legacy/ajax.min.js?ver=3.59.2 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/edd-user-history/assets/js/tracking.js?ver=1.2.0 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/edd-recurring/assets/js/edd-frontend-recurring.js?ver=2.12.3 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /js/anchor-offset.js?ver=2 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/redux/custom-fonts/fonts.css?ver=1714912395 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; _ga_ZV0D0J286B=GS1.1.1714912397.1.0.1714912397.60.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/v4-shims.min.css?ver=7.6 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; _ga_ZV0D0J286B=GS1.1.1714912397.1.0.1714912397.60.0.0
Source: global traffic	HTTP traffic detected: GET /?custom-css=c8bee26073 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; _ga_ZV0D0J286B=GS1.1.1714912397.1.0.1714912397.60.0.0
Source: global traffic	HTTP traffic detected: GET /v3/?ver=v3 HTTP/1.1Host: js.stripe.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "2692eab1e562bacee19ab5e8f3b0b448"If-Modified-Since: Sat, 04 May 2024 04:29:46 GMT
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/redux/custom-fonts/fonts.css?ver=1714912399 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; _ga_ZV0D0J286B=GS1.1.1714912397.1.0.1714912397.60.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/all.min.css?ver=7.6 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912399.58.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/theme-my-login/assets/scripts/theme-my-login.min.js?ver=7.1.7 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912399.58.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/nextgen-gallery/static/GalleryDisplay/common.js?ver=3.59.2 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912399.58.0.0; edduh_hash=4c798686f90c46ceff63ed3c997fa277
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/nextgen-gallery/static/Lightbox/lightbox_context.js?ver=3.59.2 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912399.58.0.0; edduh_hash=4c798686f90c46ceff63ed3c997fa277
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/nextgen-gallery/static/Lightbox/fancybox/jquery.easing-1.3.pack.js?ver=3.59.2 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912399.58.0.0; edduh_hash=4c798686f90c46ceff63ed3c997fa277
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/nextgen-gallery/static/Lightbox/fancybox/jquery.fancybox-1.3.4.pack.js?ver=3.59.2 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912399.58.0.0; edduh_hash=4c798686f90c46ceff63ed3c997fa277
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/nextgen-gallery/static/Lightbox/fancybox/nextgen_fancybox_init.js?ver=3.59.2 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912399.58.0.0; edduh_hash=4c798686f90c46ceff63ed3c997fa277
Source: global traffic	HTTP traffic detected: GET /e-202418.js HTTP/1.1Host: stats.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/easy-digital-downloads-pro/assets/js/edd-ajax.js?ver=3.2.12 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912399.58.0.0; edduh_hash=4c798686f90c46ceff63ed3c997fa277
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/meminz/fonts/fontawesome-webfont.woff2?v=4.5.0 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://bitsum.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://bitsum.com/wp-content/themes/meminz/css/plugins.css?ver=20240503Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912401.56.0.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/admin-ajax.php HTTP/1.1Host: bitsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912401.56.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/meminz/fonts/open-sans/opensans-regular-webfont.woff2 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://bitsum.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://bitsum.com/wp-content/themes/meminz/css/plugins.css?ver=20240503Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912401.56.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/js_composer/assets/lib/bower/font-awesome/webfonts/fa-solid-900.woff2 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://bitsum.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://bitsum.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/all.min.css?ver=7.6Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912401.56.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/js_composer/assets/lib/bower/font-awesome/webfonts/fa-brands-400.woff2 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://bitsum.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://bitsum.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/all.min.css?ver=7.6Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912401.56.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/meminz/img/pricing-line.png HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bitsum.com/wp-content/themes/meminz/style.css?ver=202306092Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912401.56.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/bitsum_logo_transparent.png HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912401.56.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/jetpack/_inc/build/widgets/eu-cookie-law/eu-cookie-law.min.js?ver=20180522 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=deleted
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=7.6 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912402.55.0.0
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/dist/vendor/wp-polyfill-inert.min.js?ver=3.1.2 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912402.55.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/meminz/img/pricing-line.png HTTP/1.1Host: bitsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912402.55.0.0
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.14.0 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912402.55.0.0
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912402.55.0.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/admin-ajax.php HTTP/1.1Host: bitsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912401.56.0.0
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/dist/dom-ready.min.js?ver=f77871ff7694fffea381 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912402.55.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/jetpack/_inc/blocks/subscriptions/view.js?minify=false&ver=13.3.1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912402.55.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=3994&rand=0.20887544996126906 HTTP/1.1Host: pixel.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html HTTP/1.1Host: js.stripe.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/edd-multi-currency/assets/build/frontend.js?ver=1.1.1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912402.55.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/meminz/js/plugins.js?ver=35eac6e98b37c7568cceeeeb456d12a3 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912402.55.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/meminz/js/custom.js?ver=20231102 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912402.55.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/30dayrefund-e1605890583229.png HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912402.55.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/bitsum_logo_transparent.png HTTP/1.1Host: bitsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912402.55.0.0
Source: global traffic	HTTP traffic detected: GET /get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912402.55.0.0
Source: global traffic	HTTP traffic detected: GET /v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js HTTP/1.1Host: js.stripe.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/30dayrefund-e1605890583229.png HTTP/1.1Host: bitsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912402.55.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=3994&rand=0.20887544996126906 HTTP/1.1Host: pixel.wp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/wp-emoji-release.min.js?ver=35eac6e98b37c7568cceeeeb456d12a3 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912402.55.0.0
Source: global traffic	HTTP traffic detected: GET /inner.html HTTP/1.1Host: m.stripe.networkConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://js.stripe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?custom-css=c8bee26073 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912402.55.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/redux/custom-fonts/fonts.css?ver=1714912409 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912408.49.0.0
Source: global traffic	HTTP traffic detected: GET /out-4.5.43.js HTTP/1.1Host: m.stripe.networkConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://m.stripe.network/inner.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=0&rand=0.5645082368297181 HTTP/1.1Host: pixel.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-admin/admin-ajax.php HTTP/1.1Host: bitsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912410.47.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/favicon.png HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912410.47.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=0&rand=0.0645236413472281 HTTP/1.1Host: pixel.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=0&rand=0.5645082368297181 HTTP/1.1Host: pixel.wp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/favicon.png HTTP/1.1Host: bitsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912410.47.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=0&rand=0.0645236413472281 HTTP/1.1Host: pixel.wp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912410.47.0.0
Source: global traffic	HTTP traffic detected: GET /?custom-css=c8bee26073 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912410.47.0.0; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/redux/custom-fonts/fonts.css?ver=1714912417 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912410.47.0.0; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=2c02c639-8c02-4f40-b937-fb8deabf55dbe8b7e5
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=2c02c639-8c02-4f40-b937-fb8deabf55dbe8b7e5
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=1943&rand=0.41106217824244795 HTTP/1.1Host: pixel.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=26977608-e902-49c7-890a-8cf5ab0f8f125bc0e7
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9; __Host-stripe.mkt.csrf=PUzP9V9PYTZLsnWHgYbYpvGCkVN0N1V1pTa7cD2y0qOiYfqKQIh1Ee7N0UkVJDXvuI70pThx5Q9PikWyJwZSZjw-AcAXe4aLRW0FK4DudC9ZBA7ZflSssWUgUx-lW2YO7y6yUYc7KA%3D%3D
Source: global traffic	HTTP traffic detected: GET /wp-admin/admin-ajax.php HTTP/1.1Host: bitsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912417.40.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=1943&rand=0.41106217824244795 HTTP/1.1Host: pixel.wp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=26977608-e902-49c7-890a-8cf5ab0f8f125bc0e7; cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9; __Host-stripe.mkt.csrf=PUzP9V9PYTZLsnWHgYbYpvGCkVN0N1V1pTa7cD2y0qOiYfqKQIh1Ee7N0UkVJDXvuI70pThx5Q9PikWyJwZSZjw-AcAXe4aLRW0FK4DudC9ZBA7ZflSssWUgUx-lW2YO7y6yUYc7KA%3D%3D
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=26977608-e902-49c7-890a-8cf5ab0f8f125bc0e7; cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9; __Host-stripe.mkt.csrf=PUzP9V9PYTZLsnWHgYbYpvGCkVN0N1V1pTa7cD2y0qOiYfqKQIh1Ee7N0UkVJDXvuI70pThx5Q9PikWyJwZSZjw-AcAXe4aLRW0FK4DudC9ZBA7ZflSssWUgUx-lW2YO7y6yUYc7KA%3D%3D
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=26977608-e902-49c7-890a-8cf5ab0f8f125bc0e7; cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9
Source: global traffic	HTTP traffic detected: GET /get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912417.40.0.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9; __Host-stripe.mkt.csrf=PUzP9V9PYTZLsnWHgYbYpvGCkVN0N1V1pTa7cD2y0qOiYfqKQIh1Ee7N0UkVJDXvuI70pThx5Q9PikWyJwZSZjw-AcAXe4aLRW0FK4DudC9ZBA7ZflSssWUgUx-lW2YO7y6yUYc7KA%3D%3D
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=26977608-e902-49c7-890a-8cf5ab0f8f125bc0e7; cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9
Source: global traffic	HTTP traffic detected: GET /?custom-css=c8bee26073 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912417.40.0.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9; __Host-stripe.mkt.csrf=PUzP9V9PYTZLsnWHgYbYpvGCkVN0N1V1pTa7cD2y0qOiYfqKQIh1Ee7N0UkVJDXvuI70pThx5Q9PikWyJwZSZjw-AcAXe4aLRW0FK4DudC9ZBA7ZflSssWUgUx-lW2YO7y6yUYc7KA%3D%3D
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/redux/custom-fonts/fonts.css?ver=1714912426 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912417.40.0.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9; __Host-stripe.mkt.csrf=PUzP9V9PYTZLsnWHgYbYpvGCkVN0N1V1pTa7cD2y0qOiYfqKQIh1Ee7N0UkVJDXvuI70pThx5Q9PikWyJwZSZjw-AcAXe4aLRW0FK4DudC9ZBA7ZflSssWUgUx-lW2YO7y6yUYc7KA%3D%3D
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=2309&rand=0.757336543097145 HTTP/1.1Host: pixel.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-admin/admin-ajax.php HTTP/1.1Host: bitsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912426.31.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=2309&rand=0.757336543097145 HTTP/1.1Host: pixel.wp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=26977608-e902-49c7-890a-8cf5ab0f8f125bc0e7; cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9; __Host-stripe.mkt.csrf=PUzP9V9PYTZLsnWHgYbYpvGCkVN0N1V1pTa7cD2y0qOiYfqKQIh1Ee7N0UkVJDXvuI70pThx5Q9PikWyJwZSZjw-AcAXe4aLRW0FK4DudC9ZBA7ZflSssWUgUx-lW2YO7y6yUYc7KA%3D%3D
Source: global traffic	HTTP traffic detected: GET /get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912426.31.0.0
Source: global traffic	HTTP traffic detected: GET /?custom-css=c8bee26073 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912426.31.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/redux/custom-fonts/fonts.css?ver=1714912432 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912426.31.0.0
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=A2tp3zbaFOOWXvO&MD=VZaYXHLT HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=3138&rand=0.2663419028316665 HTTP/1.1Host: pixel.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-admin/admin-ajax.php HTTP/1.1Host: bitsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912434.23.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=3138&rand=0.2663419028316665 HTTP/1.1Host: pixel.wp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=26977608-e902-49c7-890a-8cf5ab0f8f125bc0e7; cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9; __Host-stripe.mkt.csrf=PUzP9V9PYTZLsnWHgYbYpvGCkVN0N1V1pTa7cD2y0qOiYfqKQIh1Ee7N0UkVJDXvuI70pThx5Q9PikWyJwZSZjw-AcAXe4aLRW0FK4DudC9ZBA7ZflSssWUgUx-lW2YO7y6yUYc7KA%3D%3D
Source: global traffic	HTTP traffic detected: GET /get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912434.23.0.0
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=26977608-e902-49c7-890a-8cf5ab0f8f125bc0e7; cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9
Source: global traffic	HTTP traffic detected: GET /?custom-css=c8bee26073 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912434.23.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/redux/custom-fonts/fonts.css?ver=1714912440 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912434.23.0.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9; __Host-stripe.mkt.csrf=PUzP9V9PYTZLsnWHgYbYpvGCkVN0N1V1pTa7cD2y0qOiYfqKQIh1Ee7N0UkVJDXvuI70pThx5Q9PikWyJwZSZjw-AcAXe4aLRW0FK4DudC9ZBA7ZflSssWUgUx-lW2YO7y6yUYc7KA%3D%3D
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=3224&rand=0.7777739801533385 HTTP/1.1Host: pixel.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-admin/admin-ajax.php HTTP/1.1Host: bitsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912442.15.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=3224&rand=0.7777739801533385 HTTP/1.1Host: pixel.wp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=26977608-e902-49c7-890a-8cf5ab0f8f125bc0e7; cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9
Source: global traffic	HTTP traffic detected: GET /get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912442.15.0.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9; __Host-stripe.mkt.csrf=PUzP9V9PYTZLsnWHgYbYpvGCkVN0N1V1pTa7cD2y0qOiYfqKQIh1Ee7N0UkVJDXvuI70pThx5Q9PikWyJwZSZjw-AcAXe4aLRW0FK4DudC9ZBA7ZflSssWUgUx-lW2YO7y6yUYc7KA%3D%3D
Source: global traffic	HTTP traffic detected: GET /?custom-css=c8bee26073 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912442.15.0.0
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=26977608-e902-49c7-890a-8cf5ab0f8f125bc0e7; cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/redux/custom-fonts/fonts.css?ver=1714912447 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912442.15.0.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9; __Host-stripe.mkt.csrf=PUzP9V9PYTZLsnWHgYbYpvGCkVN0N1V1pTa7cD2y0qOiYfqKQIh1Ee7N0UkVJDXvuI70pThx5Q9PikWyJwZSZjw-AcAXe4aLRW0FK4DudC9ZBA7ZflSssWUgUx-lW2YO7y6yUYc7KA%3D%3D
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=1960&rand=0.9310427983388707 HTTP/1.1Host: pixel.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-admin/admin-ajax.php HTTP/1.1Host: bitsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912448.9.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=1960&rand=0.9310427983388707 HTTP/1.1Host: pixel.wp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=26977608-e902-49c7-890a-8cf5ab0f8f125bc0e7; cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9; __Host-stripe.mkt.csrf=PUzP9V9PYTZLsnWHgYbYpvGCkVN0N1V1pTa7cD2y0qOiYfqKQIh1Ee7N0UkVJDXvuI70pThx5Q9PikWyJwZSZjw-AcAXe4aLRW0FK4DudC9ZBA7ZflSssWUgUx-lW2YO7y6yUYc7KA%3D%3D
Source: global traffic	HTTP traffic detected: GET /get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912448.9.0.0
Source: global traffic	HTTP traffic detected: GET /?custom-css=c8bee26073 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912448.9.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/redux/custom-fonts/fonts.css?ver=1714912453 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912448.9.0.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/admin-ajax.php HTTP/1.1Host: bitsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912455.2.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=0&rand=0.607764172633884 HTTP/1.1Host: pixel.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=0&rand=0.607764172633884 HTTP/1.1Host: pixel.wp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=26977608-e902-49c7-890a-8cf5ab0f8f125bc0e7; cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9; __Host-stripe.mkt.csrf=PUzP9V9PYTZLsnWHgYbYpvGCkVN0N1V1pTa7cD2y0qOiYfqKQIh1Ee7N0UkVJDXvuI70pThx5Q9PikWyJwZSZjw-AcAXe4aLRW0FK4DudC9ZBA7ZflSssWUgUx-lW2YO7y6yUYc7KA%3D%3D
Source: global traffic	HTTP traffic detected: GET /get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912456.1.0.0
Source: global traffic	HTTP traffic detected: GET /?custom-css=c8bee26073 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912456.1.0.0
Source: global traffic	HTTP traffic detected: GET /v3/?ver=v3 HTTP/1.1Host: js.stripe.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "2692eab1e562bacee19ab5e8f3b0b448"If-Modified-Since: Sat, 04 May 2024 04:29:46 GMT
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/redux/custom-fonts/fonts.css?ver=1714912462 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912456.1.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=3177&rand=0.6102218130973263 HTTP/1.1Host: pixel.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=3177&rand=0.6102218130973263 HTTP/1.1Host: pixel.wp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-admin/admin-ajax.php HTTP/1.1Host: bitsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912463.60.0.0
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=26977608-e902-49c7-890a-8cf5ab0f8f125bc0e7; cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9; __Host-stripe.mkt.csrf=PUzP9V9PYTZLsnWHgYbYpvGCkVN0N1V1pTa7cD2y0qOiYfqKQIh1Ee7N0UkVJDXvuI70pThx5Q9PikWyJwZSZjw-AcAXe4aLRW0FK4DudC9ZBA7ZflSssWUgUx-lW2YO7y6yUYc7KA%3D%3D
Source: global traffic	HTTP traffic detected: GET /get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912463.60.0.0
Source: global traffic	HTTP traffic detected: GET /?custom-css=c8bee26073 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912463.60.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/redux/custom-fonts/fonts.css?ver=1714912469 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912463.60.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=1784&rand=0.7880681605956541 HTTP/1.1Host: pixel.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-admin/admin-ajax.php HTTP/1.1Host: bitsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912469.54.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=1784&rand=0.7880681605956541 HTTP/1.1Host: pixel.wp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=26977608-e902-49c7-890a-8cf5ab0f8f125bc0e7; cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9; __Host-stripe.mkt.csrf=PUzP9V9PYTZLsnWHgYbYpvGCkVN0N1V1pTa7cD2y0qOiYfqKQIh1Ee7N0UkVJDXvuI70pThx5Q9PikWyJwZSZjw-AcAXe4aLRW0FK4DudC9ZBA7ZflSssWUgUx-lW2YO7y6yUYc7KA%3D%3D
Source: global traffic	HTTP traffic detected: GET /get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912469.54.0.0
Source: global traffic	HTTP traffic detected: GET /?custom-css=c8bee26073 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912469.54.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/redux/custom-fonts/fonts.css?ver=1714912475 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912469.54.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=3149&rand=0.33416128811766366 HTTP/1.1Host: pixel.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-admin/admin-ajax.php HTTP/1.1Host: bitsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912477.46.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=3149&rand=0.33416128811766366 HTTP/1.1Host: pixel.wp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=26977608-e902-49c7-890a-8cf5ab0f8f125bc0e7; cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9
Source: global traffic	HTTP traffic detected: GET /get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912477.46.0.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9; __Host-stripe.mkt.csrf=PUzP9V9PYTZLsnWHgYbYpvGCkVN0N1V1pTa7cD2y0qOiYfqKQIh1Ee7N0UkVJDXvuI70pThx5Q9PikWyJwZSZjw-AcAXe4aLRW0FK4DudC9ZBA7ZflSssWUgUx-lW2YO7y6yUYc7KA%3D%3D
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=26977608-e902-49c7-890a-8cf5ab0f8f125bc0e7; cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9
Source: global traffic	HTTP traffic detected: GET /?custom-css=c8bee26073 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912477.46.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/redux/custom-fonts/fonts.css?ver=1714912483 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912477.46.0.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9; __Host-stripe.mkt.csrf=PUzP9V9PYTZLsnWHgYbYpvGCkVN0N1V1pTa7cD2y0qOiYfqKQIh1Ee7N0UkVJDXvuI70pThx5Q9PikWyJwZSZjw-AcAXe4aLRW0FK4DudC9ZBA7ZflSssWUgUx-lW2YO7y6yUYc7KA%3D%3D
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=4119&rand=0.6201211102575397 HTTP/1.1Host: pixel.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-admin/admin-ajax.php HTTP/1.1Host: bitsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912485.38.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=4119&rand=0.6201211102575397 HTTP/1.1Host: pixel.wp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=26977608-e902-49c7-890a-8cf5ab0f8f125bc0e7; cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9
Source: global traffic	HTTP traffic detected: GET /get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912485.38.0.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9; __Host-stripe.mkt.csrf=PUzP9V9PYTZLsnWHgYbYpvGCkVN0N1V1pTa7cD2y0qOiYfqKQIh1Ee7N0UkVJDXvuI70pThx5Q9PikWyJwZSZjw-AcAXe4aLRW0FK4DudC9ZBA7ZflSssWUgUx-lW2YO7y6yUYc7KA%3D%3D
Source: global traffic	HTTP traffic detected: GET /?custom-css=c8bee26073 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912485.38.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/redux/custom-fonts/fonts.css?ver=1714912491 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912485.38.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=1888&rand=0.7260079474896437 HTTP/1.1Host: pixel.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-admin/admin-ajax.php HTTP/1.1Host: bitsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912491.32.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=1888&rand=0.7260079474896437 HTTP/1.1Host: pixel.wp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=26977608-e902-49c7-890a-8cf5ab0f8f125bc0e7; cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9; __Host-stripe.mkt.csrf=PUzP9V9PYTZLsnWHgYbYpvGCkVN0N1V1pTa7cD2y0qOiYfqKQIh1Ee7N0UkVJDXvuI70pThx5Q9PikWyJwZSZjw-AcAXe4aLRW0FK4DudC9ZBA7ZflSssWUgUx-lW2YO7y6yUYc7KA%3D%3D
Source: global traffic	HTTP traffic detected: GET /get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912491.32.0.0
Source: global traffic	HTTP traffic detected: GET /?custom-css=c8bee26073 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912491.32.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/redux/custom-fonts/fonts.css?ver=1714912497 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912491.32.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=1781&rand=0.6508001778069497 HTTP/1.1Host: pixel.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-admin/admin-ajax.php HTTP/1.1Host: bitsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912497.26.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=1781&rand=0.6508001778069497 HTTP/1.1Host: pixel.wp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=26977608-e902-49c7-890a-8cf5ab0f8f125bc0e7; cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9

Source: chromecache_216.8.dr	String found in binary or memory: "https://www.facebook.com/StripeHQ", equals www.facebook.com (Facebook)
Source: chromecache_216.8.dr	String found in binary or memory: "https://www.linkedin.com/company/stripe/", equals www.linkedin.com (Linkedin)
Source: chromecache_195.8.dr	String found in binary or memory: return b}yC.K="internal.enableAutoEventOnTimer";var dc=ka(["data-gtm-yt-inspected-"]),AC=["www.youtube.com","www.youtube-nocookie.com"],BC,CC=!1; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: bitsum.com
Source: global traffic	DNS traffic detected: DNS query: js.stripe.com
Source: global traffic	DNS traffic detected: DNS query: stats.wp.com
Source: global traffic	DNS traffic detected: DNS query: v0.wordpress.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: analytics.google.com
Source: global traffic	DNS traffic detected: DNS query: stats.g.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: pixel.wp.com
Source: global traffic	DNS traffic detected: DNS query: m.stripe.network
Source: global traffic	DNS traffic detected: DNS query: m.stripe.com
Source: global traffic	DNS traffic detected: DNS query: stripe.com

Source: unknown

HTTP traffic detected: POST /g/collect?v=2&tid=G-ZV0D0J286B&gtm=45je4510v890333677za200&_p=1714912395180&_gaz=1&gcd=13l3l3l3l1&npa=0&dma=0&gdid=dZGIzZG&cid=22835578.1714912397&ul=en-us&sr=1280x1024&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&pae=1&pscdl=noapi&_eu=Ag&_s=1&sid=1714912397&sct=1&seg=0&dl=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&dt=Get%20Process%20Lasso%20Pro&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.forceSSL=true&ep.link_attribution=true&tfd=6799 HTTP/1.1Host: analytics.google.comConnection: keep-aliveContent-Length: 0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://bitsum.comX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, QuickUpgrade.exe.1.dr, pl_rsrc_english.dll.0.dr, pl_rsrc_slovenian.dll.0.dr, InstallHelper.exe.0.dr, QuickUpgrade.exe.Replacement.0.dr, pl_rsrc_finnish.dll.0.dr, pl_rsrc_chinese_traditional.dll.0.dr, pl_rsrc_japanese.dll.0.dr, pl_rsrc_italian.dll.0.dr, pl_rsrc_spanish.dll.0.dr, CPUEater.exe.0.dr, Insights.exe.0.dr, pl_rsrc_russian.dll.0.dr, ProcessGovernor.exe.0.dr, pl_rsrc_polish.dll.0.dr, plActivate.exe.0.dr, pl_rsrc_french.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, QuickUpgrade.exe.1.dr, pl_rsrc_english.dll.0.dr, pl_rsrc_slovenian.dll.0.dr, InstallHelper.exe.0.dr, QuickUpgrade.exe.Replacement.0.dr, pl_rsrc_finnish.dll.0.dr, pl_rsrc_chinese_traditional.dll.0.dr, pl_rsrc_japanese.dll.0.dr, pl_rsrc_italian.dll.0.dr, pl_rsrc_spanish.dll.0.dr, CPUEater.exe.0.dr, Insights.exe.0.dr, pl_rsrc_russian.dll.0.dr, ProcessGovernor.exe.0.dr, pl_rsrc_polish.dll.0.dr, plActivate.exe.0.dr, pl_rsrc_french.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, QuickUpgrade.exe.1.dr, pl_rsrc_english.dll.0.dr, pl_rsrc_slovenian.dll.0.dr, InstallHelper.exe.0.dr, QuickUpgrade.exe.Replacement.0.dr, pl_rsrc_finnish.dll.0.dr, pl_rsrc_chinese_traditional.dll.0.dr, pl_rsrc_japanese.dll.0.dr, pl_rsrc_italian.dll.0.dr, pl_rsrc_spanish.dll.0.dr, CPUEater.exe.0.dr, Insights.exe.0.dr, pl_rsrc_russian.dll.0.dr, ProcessGovernor.exe.0.dr, pl_rsrc_polish.dll.0.dr, plActivate.exe.0.dr, pl_rsrc_french.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, QuickUpgrade.exe.1.dr, pl_rsrc_english.dll.0.dr, pl_rsrc_slovenian.dll.0.dr, InstallHelper.exe.0.dr, QuickUpgrade.exe.Replacement.0.dr, pl_rsrc_finnish.dll.0.dr, pl_rsrc_chinese_traditional.dll.0.dr, pl_rsrc_japanese.dll.0.dr, pl_rsrc_italian.dll.0.dr, pl_rsrc_spanish.dll.0.dr, CPUEater.exe.0.dr, Insights.exe.0.dr, pl_rsrc_russian.dll.0.dr, ProcessGovernor.exe.0.dr, pl_rsrc_polish.dll.0.dr, plActivate.exe.0.dr, pl_rsrc_french.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, QuickUpgrade.exe.1.dr, pl_rsrc_english.dll.0.dr, pl_rsrc_slovenian.dll.0.dr, InstallHelper.exe.0.dr, QuickUpgrade.exe.Replacement.0.dr, pl_rsrc_finnish.dll.0.dr, pl_rsrc_chinese_traditional.dll.0.dr, pl_rsrc_japanese.dll.0.dr, pl_rsrc_italian.dll.0.dr, pl_rsrc_spanish.dll.0.dr, CPUEater.exe.0.dr, Insights.exe.0.dr, pl_rsrc_russian.dll.0.dr, ProcessGovernor.exe.0.dr, pl_rsrc_polish.dll.0.dr, plActivate.exe.0.dr, pl_rsrc_french.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, QuickUpgrade.exe.1.dr, pl_rsrc_english.dll.0.dr, pl_rsrc_slovenian.dll.0.dr, InstallHelper.exe.0.dr, QuickUpgrade.exe.Replacement.0.dr, pl_rsrc_finnish.dll.0.dr, pl_rsrc_chinese_traditional.dll.0.dr, pl_rsrc_japanese.dll.0.dr, pl_rsrc_italian.dll.0.dr, pl_rsrc_spanish.dll.0.dr, CPUEater.exe.0.dr, Insights.exe.0.dr, pl_rsrc_russian.dll.0.dr, ProcessGovernor.exe.0.dr, pl_rsrc_polish.dll.0.dr, plActivate.exe.0.dr, pl_rsrc_french.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, QuickUpgrade.exe.1.dr, pl_rsrc_english.dll.0.dr, pl_rsrc_slovenian.dll.0.dr, InstallHelper.exe.0.dr, QuickUpgrade.exe.Replacement.0.dr, pl_rsrc_finnish.dll.0.dr, pl_rsrc_chinese_traditional.dll.0.dr, pl_rsrc_japanese.dll.0.dr, pl_rsrc_italian.dll.0.dr, pl_rsrc_spanish.dll.0.dr, CPUEater.exe.0.dr, Insights.exe.0.dr, pl_rsrc_russian.dll.0.dr, ProcessGovernor.exe.0.dr, pl_rsrc_polish.dll.0.dr, plActivate.exe.0.dr, pl_rsrc_french.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: PostUpdate.exe.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, QuickUpgrade.exe.1.dr, pl_rsrc_english.dll.0.dr, pl_rsrc_slovenian.dll.0.dr, InstallHelper.exe.0.dr, QuickUpgrade.exe.Replacement.0.dr, pl_rsrc_finnish.dll.0.dr, pl_rsrc_chinese_traditional.dll.0.dr, pl_rsrc_japanese.dll.0.dr, pl_rsrc_italian.dll.0.dr, pl_rsrc_spanish.dll.0.dr, CPUEater.exe.0.dr, Insights.exe.0.dr, pl_rsrc_russian.dll.0.dr, ProcessGovernor.exe.0.dr, pl_rsrc_polish.dll.0.dr, plActivate.exe.0.dr, pl_rsrc_french.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
Source: chromecache_254.8.dr	String found in binary or memory: http://daneden.me/animate
Source: chromecache_254.8.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_254.8.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_254.8.dr, chromecache_221.8.dr	String found in binary or memory: http://getbootstrap.com)
Source: chromecache_239.8.dr, chromecache_258.8.dr	String found in binary or memory: http://go.wpbakery.com/licensing
Source: chromecache_221.8.dr	String found in binary or memory: http://gsgd.co.uk/sandbox/jquery/easing/
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, QuickUpgrade.exe.1.dr, pl_rsrc_english.dll.0.dr, pl_rsrc_slovenian.dll.0.dr, InstallHelper.exe.0.dr, QuickUpgrade.exe.Replacement.0.dr, pl_rsrc_finnish.dll.0.dr, pl_rsrc_chinese_traditional.dll.0.dr, pl_rsrc_japanese.dll.0.dr, pl_rsrc_italian.dll.0.dr, pl_rsrc_spanish.dll.0.dr, CPUEater.exe.0.dr, Insights.exe.0.dr, pl_rsrc_russian.dll.0.dr, ProcessGovernor.exe.0.dr, pl_rsrc_polish.dll.0.dr, plActivate.exe.0.dr, pl_rsrc_french.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, QuickUpgrade.exe.1.dr, pl_rsrc_english.dll.0.dr, pl_rsrc_slovenian.dll.0.dr, InstallHelper.exe.0.dr, QuickUpgrade.exe.Replacement.0.dr, pl_rsrc_finnish.dll.0.dr, pl_rsrc_chinese_traditional.dll.0.dr, pl_rsrc_japanese.dll.0.dr, pl_rsrc_italian.dll.0.dr, pl_rsrc_spanish.dll.0.dr, CPUEater.exe.0.dr, Insights.exe.0.dr, pl_rsrc_russian.dll.0.dr, ProcessGovernor.exe.0.dr, pl_rsrc_polish.dll.0.dr, plActivate.exe.0.dr, pl_rsrc_french.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, QuickUpgrade.exe.1.dr, pl_rsrc_english.dll.0.dr, pl_rsrc_slovenian.dll.0.dr, InstallHelper.exe.0.dr, QuickUpgrade.exe.Replacement.0.dr, pl_rsrc_finnish.dll.0.dr, pl_rsrc_chinese_traditional.dll.0.dr, pl_rsrc_japanese.dll.0.dr, pl_rsrc_italian.dll.0.dr, pl_rsrc_spanish.dll.0.dr, CPUEater.exe.0.dr, Insights.exe.0.dr, pl_rsrc_russian.dll.0.dr, ProcessGovernor.exe.0.dr, pl_rsrc_polish.dll.0.dr, plActivate.exe.0.dr, pl_rsrc_french.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, QuickUpgrade.exe.1.dr, pl_rsrc_english.dll.0.dr, pl_rsrc_slovenian.dll.0.dr, InstallHelper.exe.0.dr, QuickUpgrade.exe.Replacement.0.dr, pl_rsrc_finnish.dll.0.dr, pl_rsrc_chinese_traditional.dll.0.dr, pl_rsrc_japanese.dll.0.dr, pl_rsrc_italian.dll.0.dr, pl_rsrc_spanish.dll.0.dr, CPUEater.exe.0.dr, Insights.exe.0.dr, pl_rsrc_russian.dll.0.dr, ProcessGovernor.exe.0.dr, pl_rsrc_polish.dll.0.dr, plActivate.exe.0.dr, pl_rsrc_french.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: chromecache_221.8.dr	String found in binary or memory: http://pupunzi.open-lab.com
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, QuickUpgrade.exe.1.dr, pl_rsrc_english.dll.0.dr, pl_rsrc_slovenian.dll.0.dr, InstallHelper.exe.0.dr, QuickUpgrade.exe.Replacement.0.dr, pl_rsrc_finnish.dll.0.dr, pl_rsrc_chinese_traditional.dll.0.dr, pl_rsrc_japanese.dll.0.dr, pl_rsrc_italian.dll.0.dr, pl_rsrc_spanish.dll.0.dr, CPUEater.exe.0.dr, Insights.exe.0.dr, pl_rsrc_russian.dll.0.dr, ProcessGovernor.exe.0.dr, pl_rsrc_polish.dll.0.dr, plActivate.exe.0.dr, pl_rsrc_french.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: chromecache_221.8.dr	String found in binary or memory: http://www.gmarwaha.com/jquery/jcarousellite/
Source: chromecache_221.8.dr	String found in binary or memory: http://www.gnu.org/licenses/gpl.html
Source: chromecache_221.8.dr	String found in binary or memory: http://www.ianlunn.co.uk/
Source: chromecache_221.8.dr	String found in binary or memory: http://www.ianlunn.co.uk/plugins/jquery-parallax/
Source: chromecache_221.8.dr	String found in binary or memory: http://www.mattvarone.com/web-design/uitotop-jquery-plugin
Source: chromecache_221.8.dr	String found in binary or memory: http://www.no-margin-for-errors.com)
Source: chromecache_221.8.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: chromecache_221.8.dr	String found in binary or memory: http://www.owlgraphic.com/owlcarousel/
Source: pl_rsrc_chinese_traditional.dll.0.dr	String found in binary or memory: https://Bitsum.com
Source: ProcessLasso.exe	String found in binary or memory: https://activate.bitsum.com/?
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, QuickUpgrade.exe.1.dr, QuickUpgrade.exe.Replacement.0.dr, plActivate.exe.0.dr	String found in binary or memory: https://activate.bitsum.com/?Process
Source: ProcessLasso.exe	String found in binary or memory: https://activate.bitsum.com/check.php
Source: chromecache_195.8.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: chromecache_195.8.dr	String found in binary or memory: https://adservice.googlesyndication.com/pagead/regclk
Source: chromecache_216.8.dr	String found in binary or memory: https://assets.ctfassets.net
Source: chromecache_216.8.dr	String found in binary or memory: https://assets.ctfassets.net/fzn2n1nzq965/01hMKr6nEEGVfOuhsaMIXQ/c424849423b5f036a8892afa09ac38c7/fa
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/1a930247.woff2)
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/AnimatedCodeEditor-86776e0635434fc49715.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/AnimatedIcon-0b7478e1f9234aae8838.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/AtlasDashboardGraphic-042f01c5c5f7a5d7ca1a.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/BackgroundGlobe-64953aedea5f231d07b7.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/Bootstrapper-5KGKLV5W.js
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/BrandModal-77aed9e8900fc44f1554.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/BrandModalGraphic-e9e1fc8f4c2bf8a9bd44.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/CardField-739e285edeecea986ed0.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/CaseStudyCard-60f3f5412530e6e993e8.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/CheckoutFormGraphic-b2509d821651cbc82709.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/CodeEditor-6eacb8e42c7465ddd557.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/CodeEditorAsciiLoader-c1a350cb85f7a989f599.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/CodeEditorAutocomplete-dc62d89d9e2121e48baf.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/CodeEditorCursor-517911b19e66c94dafbb.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/CodeEditorLineNumbers-0eded1c84476ec649145.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/CodeEditorStatusBar-24c7c84123b2b6e4f091.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/CodeSyntax-e0768ef33503219c518d.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/CodeTerminal-ca23848effb056969042.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/CopyTitle-c641e014b3946628bc95.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/CustomersCaseStudyCardBackground-853f685776c80eaa0089
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/CustomersCaseStudyCardOverlay-09e527d11b6471566771.cs
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/CustomersCaseStudyCarousel-6ad3f0dce85838a77d8b.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/CustomersCaseStudyCarouselNavGroup-41fa77c08914b1b778
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/CustomersCaseStudyCarouselNavItem-fd5a8f8fac232f661b3
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/CustomersCaseStudyCarouselNavTrack-1380f9c2e275695c5e
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/DevelopersCodeEditor-eadbd8bbcdedd8edbbe3.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/DomGraphic-5a317684eb2b9d1f76d2.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/EnterpriseCarouselAside-b05102a0b81de0c11406.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/Field-ea906aa31d4012757deb.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/Flag-0530f6f8a0ae1e011860.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/Form-401d42df82b6e8482f06.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/Frontdoor-4513faa7ba2dd8949ee2.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorBillingAnimation-fa25c03988d3d1f36a35.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorBillingGraphic-c9e3aeda05ab14a454b1.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorBillingGraphicLogo-2cee099c6b840fb58d86.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorBillingGraphicTier-4d3b73ee5f599b93aa50.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorConnectAnimation-f4ce77b995975fa55335.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorConnectFlowDiagram-bcf0320e44c152e1ca03.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorConnectFlowDiagramOrderNotification-b0f6b26d
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorConnection-192c60d5ff4ac27dec4f.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorGraphic-ab42746a2bb65d850037.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorGraphicImage-ff4d221174ca6cab4402.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorGraphicOutline-cbb29a27650befdb3913.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorIcon-f22f360dadf72ca61a47.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorIconGrid-f5ddeb3e7d94044a9646.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorIconOutline-2c0929473dcd28db2e99.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorIssuingAnimation-ba03e22ccfea12d68c6c.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorIssuingCard-b80b51aa94acdc8a688e.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorPaymentsAnimation-71bdbfda51a40294b593.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorPaymentsGraphic-45fe2caceea82c749c40.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorStandaloneAnimation-5aefb3912ae346b5293e.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorStickyAnimation-4ea4d6a5e9b414987337.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorSubanimation-b9163916332f2a67d464.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorSuiteAnimation-683958a93f82ca151ea7.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/Global-f1eeffae1de3242fcca9.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/GlobalizationPicker-cb59e0de1d5c3aeaa184.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/Globe-b2159f87180df559d2e8.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/GradientLegend-f1cabc70fbf82f3e9c05.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/GraphicForm-7d75b8ba72e0304da82c.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/GraphicFormField-33f78921d62dc714d424.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/GraphicFormFieldInput-3d704dfad5ff81d0e80b.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/GraphicFormFieldInputGrid-281fa6a92c2e3caa14c9.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/GraphicFormFieldList-5317148749a9268ec04d.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/GridLayout-0b90e779a89c0243e739.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/HorizontalOverflowContainer-0b85e8f46a0db21a6ef9.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/Icon-646136cd9e336d8c18d7.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/InvoicingFeatureGraphic-db95f6cbfa638cca151e.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/List-d4c6ad06c173a7dca2ed.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/LocaleControl-09ce62c550a15bb456e5.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/LowCodeNoCode-de32a3423ce25c839d82.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/MobileStickyNav-e95ca4c4af5266ca01f2.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/MobileStickyNavControl-1518a74559667e928374.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/PaymentLinksFeatureGraphic-6c9382201d4ede7c851a.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/Picture-3f0067e6b392244c9bda.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/ProductBadge-aa2497ab8abdcc6a3d34.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/ProductFeatureCard-4476eb8c383446c052aa.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/ProductListing-3e17d7acee941b127dd1.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/RowLayout-9272a8ee72d3dac4a6ef.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/SiteFooterSection-1c0a8e1d30b69be4ef69.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/SiteFooterSectionSupportLinkList-US-bf39e598e6b8dad8c
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/StartUp-889f28d89767c8a9d60f.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/Stripe-b3679504f08482f96a0d.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/StripeProductUsed-448c2bc0913c408517f4.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/StripeProductUsedList-4a8c16b5e5f3fa51247d.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/StripeSet-423109ad4bf57a2a011c.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/Track-2f2fce741fc3d8fc8450.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/ac6713d5.woff)
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/f965fdf4.woff2
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/f965fdf4.woff2)
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/imt-38da0d78a50596ad541ad6654b46af9a.js
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/store-936f0d847a16164e7f6b15d74659c4a9.html
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/stripethirdparty-srv/assets/
Source: pl_rsrc_german.dll.0.dr	String found in binary or memory: https://bitsum.com
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007B26000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_finnish.dll.0.dr	String found in binary or memory: https://bitsum.com-sivusto.
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007B26000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_finnish.dll.0.dr	String found in binary or memory: https://bitsum.com-sivustolta.
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006D11000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007F06000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008748000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006B28000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_slovenian.dll.0.dr, pl_rsrc_russian.dll.0.dr, pl_rsrc_polish.dll.0.dr, pl_rsrc_german.dll.0.dr	String found in binary or memory: https://bitsum.com.
Source: pl_rsrc_russian.dll.0.dr, pl_rsrc_polish.dll.0.dr, pl_rsrc_french.dll.0.dr, pl_rsrc_bulgarian.dll.0.dr, pl_rsrc_german.dll.0.dr	String found in binary or memory: https://bitsum.com/
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, TweakScheduler.exe.0.dr	String found in binary or memory: https://bitsum.com/%xtweakscheduler.exelassopecparkbitsumalaInstallerLanguageDWORDBitsumSOFTWARE
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000887A000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_ptbr.dll.0.dr	String found in binary or memory: https://bitsum.com/1A
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000083A2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000079F7000.00000004.00000020.00020000.00000000.sdmp, PostUpdate.exe, 00000001.00000002.1688555797.00000277D90FF000.00000002.00000001.01000000.0000000A.sdmp, ProcessLasso.exe, 00000004.00000002.2880201261.000002A8B45DF000.00000002.00000001.01000000.0000000A.sdmp, pl_rsrc_english.dll.0.dr, pl_rsrc_japanese.dll.0.dr	String found in binary or memory: https://bitsum.com/3Current
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000073BC000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_bulgarian.dll.0.dr	String found in binary or memory: https://bitsum.com/4
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007D10000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_french.dll.0.dr	String found in binary or memory: https://bitsum.com/4Version
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007F06000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_german.dll.0.dr	String found in binary or memory: https://bitsum.com/7Aktuelle
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000081B6000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_italian.dll.0.dr	String found in binary or memory: https://bitsum.com/9La
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_spanish.dll.0.dr	String found in binary or memory: https://bitsum.com/:La
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008748000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_polish.dll.0.dr	String found in binary or memory: https://bitsum.com/=Wersja
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, QuickUpgrade.exe.1.dr, QuickUpgrade.exe.Replacement.0.dr	String found in binary or memory: https://bitsum.com/?prod=pl&update_error_sigError
Source: ProcessLasso.exe	String found in binary or memory: https://bitsum.com/apps/coredirector
Source: LogViewer.exe.0.dr	String found in binary or memory: https://bitsum.com/bad
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000083A2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007B26000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006D11000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007661000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007829000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000073BC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007D10000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000079F7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000081B6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008574000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000887A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008748000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006B28000.00000004.00000020.00020000.00000000.sdmp, PostUpdate.exe, 00000001.00000002.1688555797.00000277D90FF000.00000002.00000001.01000000.0000000A.sdmp, ProcessLasso.exe, 00000004.00000002.2880201261.000002A8B45DF000.00000002.00000001.01000000.0000000A.sdmp, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, pl_rsrc_english.dll.0.dr, pl_rsrc_slovenian.dll.0.dr	String found in binary or memory: https://bitsum.com/changelog/pl/changes.htm#latest?inproduct
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007F06000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_german.dll.0.dr	String found in binary or memory: https://bitsum.com/changelog/pl/changes.htm#latest?inproduct(Virtuelle
Source: ProcessLasso.exe	String found in binary or memory: https://bitsum.com/changes/processlasso/
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, TweakScheduler.exe.0.dr	String found in binary or memory: https://bitsum.com/check.phphttps://activate.bitsum.com/check.phpCHECK_OKUNSPECIFIEDstring
Source: Insights.exe.0.dr	String found in binary or memory: https://bitsum.com/cpubalance/%dProBalanceProBalanceToday%s
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000083A2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007B26000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006D11000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007661000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007829000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000073BC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007D10000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007F06000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000079F7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000081B6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008574000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000887A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008748000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006B28000.00000004.00000020.00020000.00000000.sdmp, PostUpdate.exe, 00000001.00000002.1688555797.00000277D90FF000.00000002.00000001.01000000.0000000A.sdmp, ProcessLasso.exe, 00000004.00000002.2880201261.000002A8B45DF000.00000002.00000001.01000000.0000000A.sdmp, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, pl_rsrc_english.dll.0.dr	String found in binary or memory: https://bitsum.com/docs/pl
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B26CE000.00000004.00000020.00020000.00000000.sdmp, ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B26CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1&
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B26CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=16F8
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=17
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B26DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1CC
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B26DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1G
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B26CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1K
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B26DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1M
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1ay
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B26CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1d
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B26DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1h
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B26DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1r
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp, ProcessLasso.exe, 00000004.00000000.1681252064.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe, 00000004.00000002.2882313735.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe.0.dr	String found in binary or memory: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1s
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1y
Source: ProcessLasso.exe	String found in binary or memory: https://bitsum.com/get-process-lasso-server-edition/
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, TweakScheduler.exe.0.dr	String found in binary or memory: https://bitsum.com/get-process-lasso-server-edition/-https://activate.bitsum.com/?Process
Source: Insights.exe.0.dr	String found in binary or memory: https://bitsum.com/get-process-lasso-server-edition/https://activate.bitsum.com/?Process
Source: ProcessLasso.exe	String found in binary or memory: https://bitsum.com/keep-running-gaas-info
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp, ProcessLasso.exe, 00000004.00000000.1681252064.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe, 00000004.00000002.2882313735.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe.0.dr	String found in binary or memory: https://bitsum.com/keep-running-gaas-infoGlobal
Source: ProcessGovernor.exe.0.dr	String found in binary or memory: https://bitsum.com/minidumps
Source: ProcessLasso.exe	String found in binary or memory: https://bitsum.com/minidumps/
Source: pl_rsrc_german.dll.0.dr	String found in binary or memory: https://bitsum.com/minidumps/.
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000732C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000842B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000085F9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000069D9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000087E9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008257000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007A96000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007C7F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000076E1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006BC2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007E76000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000078AA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006DB2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000751A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008067000.00000004.00000020.00020000.00000000.sdmp, PostUpdate.exe, 00000001.00000002.1688555797.00000277D9071000.00000002.00000001.01000000.0000000A.sdmp, ProcessLasso.exe, 00000004.00000002.2880201261.000002A8B4551000.00000002.00000001.01000000.0000000A.sdmp, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, pl_rsrc_english.dll.0.dr	String found in binary or memory: https://bitsum.com/parkcontrol/
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp, ProcessLasso.exe, ProcessLasso.exe, 00000004.00000000.1681252064.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe, 00000004.00000002.2882313735.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe.0.dr	String found in binary or memory: https://bitsum.com/parkcontrol/?inproduct
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000083A2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006D11000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007661000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007829000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007F06000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008574000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, pl_rsrc_slovenian.dll.0.dr, pl_rsrc_chinese_traditional.dll.0.dr, pl_rsrc_japanese.dll.0.dr, pl_rsrc_german.dll.0.dr	String found in binary or memory: https://bitsum.com/pl_last_w2k.php?inproduct
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007B26000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_finnish.dll.0.dr	String found in binary or memory: https://bitsum.com/pl_last_w2k.php?inproduct0VIRHE
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000079F7000.00000004.00000020.00020000.00000000.sdmp, PostUpdate.exe, 00000001.00000002.1688555797.00000277D90FF000.00000002.00000001.01000000.0000000A.sdmp, ProcessLasso.exe, 00000004.00000002.2880201261.000002A8B45DF000.00000002.00000001.01000000.0000000A.sdmp, pl_rsrc_english.dll.0.dr	String found in binary or memory: https://bitsum.com/pl_last_w2k.php?inproduct6ERROR
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000081B6000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_italian.dll.0.dr	String found in binary or memory: https://bitsum.com/pl_last_w2k.php?inproduct:ERRORE
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007D10000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_french.dll.0.dr	String found in binary or memory: https://bitsum.com/pl_last_w2k.php?inproductCERREUR
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000073BC000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_bulgarian.dll.0.dr	String found in binary or memory: https://bitsum.com/pl_last_w2k.php?inproductE
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000887A000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_ptbr.dll.0.dr	String found in binary or memory: https://bitsum.com/pl_last_w2k.php?inproductFERRO
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_spanish.dll.0.dr	String found in binary or memory: https://bitsum.com/pl_last_w2k.php?inproductFERROR
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006B28000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_russian.dll.0.dr	String found in binary or memory: https://bitsum.com/pl_last_w2k.php?inproductH
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008748000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_polish.dll.0.dr	String found in binary or memory: https://bitsum.com/pl_last_w2k.php?inproductIBA
Source: Insights.exe.0.dr	String found in binary or memory: https://bitsum.com/portfolio/cpubalance/FThttps://bitsum.com/members/purchase-history/14.0.2.12
Source: ProcessLasso.exe	String found in binary or memory: https://bitsum.com/processlasso-docs/#processmatch
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp, ProcessLasso.exe, 00000004.00000000.1681252064.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe, 00000004.00000002.2882313735.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe.0.dr	String found in binary or memory: https://bitsum.com/processlasso-docs/#processmatch;
Source: Insights.exe.0.dr	String found in binary or memory: https://bitsum.com/processlasso-docs/#processmatchhttps://activate.bitsum.com/check.phpCHECK_OKarbgc
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000732C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000842B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000085F9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000069D9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000087E9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008257000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007A96000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007C7F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000076E1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006BC2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007E76000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000078AA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006DB2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000751A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008067000.00000004.00000020.00020000.00000000.sdmp, PostUpdate.exe, 00000001.00000002.1688555797.00000277D9071000.00000002.00000001.01000000.0000000A.sdmp, ProcessLasso.exe, ProcessLasso.exe, 00000004.00000002.2880201261.000002A8B4551000.00000002.00000001.01000000.0000000A.sdmp, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr	String found in binary or memory: https://bitsum.com/processlasso/
Source: pl_rsrc_russian.dll.0.dr, pl_rsrc_polish.dll.0.dr, pl_rsrc_french.dll.0.dr, pl_rsrc_bulgarian.dll.0.dr, pl_rsrc_german.dll.0.dr	String found in binary or memory: https://bitsum.com/processlasso/?inproduct
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_spanish.dll.0.dr	String found in binary or memory: https://bitsum.com/processlasso/?inproduct1Quedan
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006D11000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_slovenian.dll.0.dr	String found in binary or memory: https://bitsum.com/processlasso/?inproduct2Za
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000887A000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_ptbr.dll.0.dr	String found in binary or memory: https://bitsum.com/processlasso/?inproduct7H
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007B26000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_finnish.dll.0.dr	String found in binary or memory: https://bitsum.com/processlasso/?inproduct7Process
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008748000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_polish.dll.0.dr	String found in binary or memory: https://bitsum.com/processlasso/?inproduct8PozostaB
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007F06000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_german.dll.0.dr	String found in binary or memory: https://bitsum.com/processlasso/?inproduct:Es
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007D10000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_french.dll.0.dr	String found in binary or memory: https://bitsum.com/processlasso/?inproduct:Il
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000079F7000.00000004.00000020.00020000.00000000.sdmp, PostUpdate.exe, 00000001.00000002.1688555797.00000277D90FF000.00000002.00000001.01000000.0000000A.sdmp, ProcessLasso.exe, 00000004.00000002.2880201261.000002A8B45DF000.00000002.00000001.01000000.0000000A.sdmp, pl_rsrc_english.dll.0.dr	String found in binary or memory: https://bitsum.com/processlasso/?inproduct;There
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000073BC000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_bulgarian.dll.0.dr	String found in binary or memory: https://bitsum.com/processlasso/?inproduct?
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp, ProcessLasso.exe, 00000004.00000000.1681252064.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe, 00000004.00000002.2882313735.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe.0.dr	String found in binary or memory: https://bitsum.com/processlasso/Explorer-Process
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000083A2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007B26000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006D11000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007661000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007829000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000073BC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007D10000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007F06000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000079F7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000081B6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008574000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000887A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008748000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006B28000.00000004.00000020.00020000.00000000.sdmp, PostUpdate.exe, 00000001.00000002.1688555797.00000277D90FF000.00000002.00000001.01000000.0000000A.sdmp, ProcessLasso.exe, 00000004.00000002.2880201261.000002A8B45DF000.00000002.00000001.01000000.0000000A.sdmp, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, pl_rsrc_english.dll.0.dr	String found in binary or memory: https://bitsum.com/processlasso/purchase/?inproduct
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000083A2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007B26000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006D11000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007661000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007829000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000073BC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007D10000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007F06000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000079F7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000081B6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008574000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000887A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008748000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006B28000.00000004.00000020.00020000.00000000.sdmp, PostUpdate.exe, 00000001.00000002.1688555797.00000277D90FF000.00000002.00000001.01000000.0000000A.sdmp, ProcessLasso.exe, 00000004.00000002.2880201261.000002A8B45DF000.00000002.00000001.01000000.0000000A.sdmp, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, pl_rsrc_english.dll.0.dr	String found in binary or memory: https://bitsum.com/processlasso/purchase/commercial/?inproduct1https://bitsum.com/processlasso/serve
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000083A2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007661000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007829000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007D10000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000081B6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008574000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008748000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, pl_rsrc_chinese_traditional.dll.0.dr, pl_rsrc_japanese.dll.0.dr, pl_rsrc_italian.dll.0.dr, pl_rsrc_spanish.dll.0.dr, pl_rsrc_polish.dll.0.dr, pl_rsrc_french.dll.0.dr	String found in binary or memory: https://bitsum.com/prolasso_older_versions.php?inproduct
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007F06000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_german.dll.0.dr	String found in binary or memory: https://bitsum.com/prolasso_older_versions.php?inproductO
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006B28000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_russian.dll.0.dr	String found in binary or memory: https://bitsum.com/prolasso_older_versions.php?inproductT
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000079F7000.00000004.00000020.00020000.00000000.sdmp, PostUpdate.exe, 00000001.00000002.1688555797.00000277D90FF000.00000002.00000001.01000000.0000000A.sdmp, ProcessLasso.exe, 00000004.00000002.2880201261.000002A8B45DF000.00000002.00000001.01000000.0000000A.sdmp, pl_rsrc_english.dll.0.dr	String found in binary or memory: https://bitsum.com/prolasso_older_versions.php?inproducta
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006D11000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_slovenian.dll.0.dr	String found in binary or memory: https://bitsum.com/prolasso_older_versions.php?inproductd
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000073BC000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_bulgarian.dll.0.dr	String found in binary or memory: https://bitsum.com/prolasso_older_versions.php?inproductu
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000887A000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_ptbr.dll.0.dr	String found in binary or memory: https://bitsum.com/prolasso_older_versions.php?inproductw
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007B26000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_finnish.dll.0.dr	String found in binary or memory: https://bitsum.com/prolasso_older_versions.php?inproduct~
Source: ProcessLasso.exe	String found in binary or memory: https://bitsum.com/step1/
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp, ProcessLasso.exe, 00000004.00000000.1681252064.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe, 00000004.00000002.2882313735.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe.0.dr	String found in binary or memory: https://bitsum.com/step1/writetestFT%d%l%s
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000083A2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007B26000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006D11000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007661000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007829000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000073BC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007D10000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007F06000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000079F7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000081B6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008574000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000887A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008748000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006B28000.00000004.00000020.00020000.00000000.sdmp, PostUpdate.exe, 00000001.00000002.1688555797.00000277D90FF000.00000002.00000001.01000000.0000000A.sdmp, ProcessLasso.exe, 00000004.00000002.2880201261.000002A8B45DF000.00000002.00000001.01000000.0000000A.sdmp, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, pl_rsrc_english.dll.0.dr	String found in binary or memory: https://bitsum.com/support.
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007B26000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006D11000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007661000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000073BC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007D10000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007F06000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000079F7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000081B6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008574000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000887A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008748000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006B28000.00000004.00000020.00020000.00000000.sdmp, PostUpdate.exe, 00000001.00000002.1688555797.00000277D90FF000.00000002.00000001.01000000.0000000A.sdmp, ProcessLasso.exe, 00000004.00000002.2880201261.000002A8B45DF000.00000002.00000001.01000000.0000000A.sdmp, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, pl_rsrc_english.dll.0.dr, pl_rsrc_slovenian.dll.0.dr, pl_rsrc_finnish.dll.0.dr	String found in binary or memory: https://bitsum.com/support/?inproduct
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007829000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_chinese_traditional.dll.0.dr	String found in binary or memory: https://bitsum.com/support/?inproducte
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000083A2000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_japanese.dll.0.dr	String found in binary or memory: https://bitsum.com/support/?inproductf3uW03
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008748000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_polish.dll.0.dr	String found in binary or memory: https://bitsum.com/support/index.php?renewal=14https://bitsum.com/support/index.php?general_failure
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007829000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_chinese_traditional.dll.0.dr	String found in binary or memory: https://bitsum.com/support/index.php?renewal=14https://bitsum.com/support/index.php?general_failure#
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007661000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_chinese.dll.0.dr	String found in binary or memory: https://bitsum.com/support/index.php?renewal=14https://bitsum.com/support/index.php?general_failure$
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000083A2000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_japanese.dll.0.dr	String found in binary or memory: https://bitsum.com/support/index.php?renewal=14https://bitsum.com/support/index.php?general_failure/
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008574000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_korean.dll.0.dr	String found in binary or memory: https://bitsum.com/support/index.php?renewal=14https://bitsum.com/support/index.php?general_failure5
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_spanish.dll.0.dr	String found in binary or memory: https://bitsum.com/support/index.php?renewal=14https://bitsum.com/support/index.php?general_failureG
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000079F7000.00000004.00000020.00020000.00000000.sdmp, PostUpdate.exe, 00000001.00000002.1688555797.00000277D90FF000.00000002.00000001.01000000.0000000A.sdmp, ProcessLasso.exe, 00000004.00000002.2880201261.000002A8B45DF000.00000002.00000001.01000000.0000000A.sdmp, pl_rsrc_english.dll.0.dr	String found in binary or memory: https://bitsum.com/support/index.php?renewal=14https://bitsum.com/support/index.php?general_failureH
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007B26000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_finnish.dll.0.dr	String found in binary or memory: https://bitsum.com/support/index.php?renewal=14https://bitsum.com/support/index.php?general_failureN
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006D11000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_slovenian.dll.0.dr	String found in binary or memory: https://bitsum.com/support/index.php?renewal=14https://bitsum.com/support/index.php?general_failureS
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000081B6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000887A000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_italian.dll.0.dr	String found in binary or memory: https://bitsum.com/support/index.php?renewal=14https://bitsum.com/support/index.php?general_failureU
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007D10000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_french.dll.0.dr	String found in binary or memory: https://bitsum.com/support/index.php?renewal=14https://bitsum.com/support/index.php?general_failureV
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000073BC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007F06000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_bulgarian.dll.0.dr, pl_rsrc_german.dll.0.dr	String found in binary or memory: https://bitsum.com/support/index.php?renewal=14https://bitsum.com/support/index.php?general_failureX
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006B28000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_russian.dll.0.dr	String found in binary or memory: https://bitsum.com/support/index.php?renewal=14https://bitsum.com/support/index.php?general_failure_
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000083A2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007B26000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006D11000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000073BC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007D10000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007F06000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000079F7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000081B6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000887A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008748000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006B28000.00000004.00000020.00020000.00000000.sdmp, PostUpdate.exe, 00000001.00000002.1688555797.00000277D90FF000.00000002.00000001.01000000.0000000A.sdmp, ProcessLasso.exe, ProcessLasso.exe, 00000004.00000002.2880201261.000002A8B45DF000.00000002.00000001.01000000.0000000A.sdmp, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_english.dll.0.dr, pl_rsrc_slovenian.dll.0.dr, pl_rsrc_finnish.dll.0.dr, pl_rsrc_japanese.dll.0.dr, pl_rsrc_italian.dll.0.dr	String found in binary or memory: https://bitsum.com/translate/
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007829000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_chinese_traditional.dll.0.dr	String found in binary or memory: https://bitsum.com/translate/-
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007661000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_chinese.dll.0.dr	String found in binary or memory: https://bitsum.com/translate//
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp, ProcessLasso.exe, 00000004.00000000.1681252064.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe, 00000004.00000002.2882313735.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe.0.dr	String found in binary or memory: https://bitsum.com/translate/ERROR-
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008574000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_korean.dll.0.dr	String found in binary or memory: https://bitsum.com/translate/F
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, QuickUpgrade.exe.1.dr, pl_rsrc_english.dll.0.dr, pl_rsrc_slovenian.dll.0.dr, InstallHelper.exe.0.dr, QuickUpgrade.exe.Replacement.0.dr, pl_rsrc_finnish.dll.0.dr, pl_rsrc_chinese_traditional.dll.0.dr, pl_rsrc_japanese.dll.0.dr, pl_rsrc_italian.dll.0.dr, pl_rsrc_spanish.dll.0.dr, CPUEater.exe.0.dr, Insights.exe.0.dr, pl_rsrc_russian.dll.0.dr, ProcessGovernor.exe.0.dr, pl_rsrc_polish.dll.0.dr, plActivate.exe.0.dr, pl_rsrc_french.dll.0.dr	String found in binary or memory: https://bitsum.com0/
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007829000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_chinese_traditional.dll.0.dr	String found in binary or memory: https://bitsum.com3
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007661000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_chinese.dll.0.dr	String found in binary or memory: https://bitsum.com5
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008574000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_korean.dll.0.dr	String found in binary or memory: https://bitsum.comD
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008574000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_korean.dll.0.dr	String found in binary or memory: https://bitsum.comLBitsumX
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000083A2000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_japanese.dll.0.dr	String found in binary or memory: https://bitsum.comb
Source: chromecache_195.8.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007661000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_chinese.dll.0.dr	String found in binary or memory: https://cn.bitsum.com
Source: chromecache_216.8.dr	String found in binary or memory: https://dashboard.stripe.com/
Source: chromecache_216.8.dr	String found in binary or memory: https://dashboard.stripe.com/register
Source: chromecache_274.8.dr, chromecache_280.8.dr	String found in binary or memory: https://fontawesome.com
Source: chromecache_274.8.dr, chromecache_280.8.dr	String found in binary or memory: https://fontawesome.com/license/free
Source: chromecache_255.8.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4WxKOzY.woff2)
Source: chromecache_255.8.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2)
Source: chromecache_255.8.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu5mxKOzY.woff2)
Source: chromecache_255.8.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu72xKOzY.woff2)
Source: chromecache_255.8.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7GxKOzY.woff2)
Source: chromecache_255.8.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7WxKOzY.woff2)
Source: chromecache_255.8.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7mxKOzY.woff2)
Source: chromecache_221.8.dr	String found in binary or memory: https://github.com/ganeshmax/jcarousellite/blob/master/LICENSE)
Source: chromecache_221.8.dr	String found in binary or memory: https://github.com/imakewebthings/jquery-waypoints/blob/master/licenses.txt
Source: chromecache_221.8.dr	String found in binary or memory: https://github.com/kswedberg/jquery-smooth-scroll
Source: chromecache_221.8.dr	String found in binary or memory: https://github.com/kswedberg/jquery-smooth-scroll/blob/master/LICENSE-MIT)
Source: chromecache_221.8.dr	String found in binary or memory: https://github.com/morr/jquery.appear/
Source: chromecache_216.8.dr	String found in binary or memory: https://github.com/stripe-samples
Source: chromecache_221.8.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_216.8.dr	String found in binary or memory: https://images.ctfassets.net
Source: chromecache_216.8.dr	String found in binary or memory: https://images.ctfassets.net/fzn2n1nzq965/1ctgMwd2p9euFW9pPSM7jR/451d5e987ca7fa14060526e6b1766a8b/bm
Source: chromecache_216.8.dr	String found in binary or memory: https://images.ctfassets.net/fzn2n1nzq965/1lCtk48IB26AGgXdHsrLrt/ad2816d6a744d5249c19ba66be22b0a6/ch
Source: chromecache_216.8.dr	String found in binary or memory: https://images.ctfassets.net/fzn2n1nzq965/2EOOpI2mMZgHYBlbO44zWV/5a6c5d37402652c80567ec942c733a43/fa
Source: chromecache_216.8.dr	String found in binary or memory: https://images.ctfassets.net/fzn2n1nzq965/3AGidihOJl4nH9D1vDjM84/9540155d584be52fc54c443b6efa4ae6/ho
Source: chromecache_216.8.dr	String found in binary or memory: https://images.ctfassets.net/fzn2n1nzq965/4jq1Wguyus7CA7yc2kxMgn/cf7b01aadf305daef40ac8acab654510/ho
Source: chromecache_216.8.dr	String found in binary or memory: https://images.ctfassets.net/fzn2n1nzq965/4zeFefnpB8yh7U3qSQRktP/d583ee93dd3d8910fa27296748699a0f/bm
Source: chromecache_216.8.dr	String found in binary or memory: https://images.ctfassets.net/fzn2n1nzq965/5C5LvT3YZvRTGYn7uabXGj/7da8063dc77c67b7f66a1479f47409c8/bu
Source: chromecache_216.8.dr	String found in binary or memory: https://images.ctfassets.net/fzn2n1nzq965/5DaqGgXeMbxSIqQj9WSqSF/8142c0c6e15b27a8bb6c8a0f8a5d4dfb/ho
Source: chromecache_216.8.dr	String found in binary or memory: https://images.ctfassets.net/fzn2n1nzq965/5F0uhf7cRg9vhR6NmgWzzI/664e14ddebb91375f89f8dcc75242dc0/ho
Source: chromecache_216.8.dr	String found in binary or memory: https://images.ctfassets.net/fzn2n1nzq965/5epSdhifMhjZWOkOxK9xG8/05715737a672f2069c17903d2acae585/ty
Source: chromecache_216.8.dr	String found in binary or memory: https://images.ctfassets.net/fzn2n1nzq965/5hEVwGQfvUQhsMjfASiuA/db4e12749695dbf5735787879ae56e96/fla
Source: chromecache_216.8.dr	String found in binary or memory: https://images.ctfassets.net/fzn2n1nzq965/5k7VeoAQQDK7032fIF6PEU/25f3670f5f4508103ee77afd92b7e074/ty
Source: chromecache_216.8.dr	String found in binary or memory: https://images.ctfassets.net/fzn2n1nzq965/6c56LuWUxcACbVkv4fqszI/d0a88e48d11a88b97daf896246ac40da/ho
Source: chromecache_216.8.dr	String found in binary or memory: https://images.ctfassets.net/fzn2n1nzq965/6iLtU8qBUtE42tshpmZxY2/ac5b7b7a181524237b942e43620fceef/ch
Source: chromecache_216.8.dr	String found in binary or memory: https://images.ctfassets.net/fzn2n1nzq965/7C4ROeiaqUa0HwwBU9EL9l/205ad1141f35c449a79c7dae1811d9b7/at
Source: chromecache_216.8.dr	String found in binary or memory: https://images.ctfassets.net/fzn2n1nzq965/7jjWJlm9NHgLI7SV98B0Dg/ea1ae753f3764897fa4333311e41f496/ho
Source: chromecache_216.8.dr	String found in binary or memory: https://images.ctfassets.net/fzn2n1nzq965/7szA8TJHWKDIEuCbu6Yblm/4548db61648d063fb7e7dddfca04ab79/ho
Source: chromecache_216.8.dr	String found in binary or memory: https://images.ctfassets.net/fzn2n1nzq965/wEsTNDVgdEqaPAKkFdqnL/c69e1649432f1b772d86d81e423b7e3e/but
Source: chromecache_244.8.dr	String found in binary or memory: https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js
Source: ProcessLasso.exe	String found in binary or memory: https://lic.bitsum.com/versioninfo/processlasso/attribs.txt
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lic.bitsum.com/versioninfo/processlasso/attribs.txtLassoJ
Source: chromecache_257.8.dr	String found in binary or memory: https://m.stripe.network
Source: chromecache_216.8.dr	String found in binary or memory: https://marketplace.stripe.com/
Source: chromecache_195.8.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_195.8.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_216.8.dr	String found in binary or memory: https://press.stripe.com/
Source: chromecache_216.8.dr	String found in binary or memory: https://q.stripe.com
Source: chromecache_216.8.dr	String found in binary or memory: https://sales-live-chat.stripe.com
Source: chromecache_216.8.dr	String found in binary or memory: https://sales-live-chat.stripe.com/render
Source: chromecache_216.8.dr	String found in binary or memory: https://schema.org
Source: chromecache_195.8.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_195.8.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect?v=2&
Source: chromecache_216.8.dr	String found in binary or memory: https://status.stripe.com/
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/#organization
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/ae
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/at
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/au
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/br
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/contact/sales
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/de
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/de-be
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/de-ch
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/de-li
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/de-lu
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/docs
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/docs/api
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/docs/billing
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/docs/connect
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/docs/development
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/docs/invoicing/hosted-invoice-page
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/docs/libraries
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/docs/no-code
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/docs/no-code/payment-links
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/docs/no-code/tap-to-pay
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/docs/payments
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/docs/payments/checkout
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/docs/stripe-apps
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/docs/terminal
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/docs/upgrades#api-changelog
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/docs/upgrades#api-versions
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-at
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-be
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-bg
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-br
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-ca
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-ch
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-cy
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-cz
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-de
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-dk
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-ee
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-es
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-fi
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-fr
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-gi
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-gr
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-hk
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-hr
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-hu
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-it
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-jp
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-li
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-lt
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-lu
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-lv
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-mt
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-mx
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-my
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-nl
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-no
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-pl
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-pt
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-ro
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-se
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-sg
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-si
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-sk
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-th
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/es
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/es-us
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/fr
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/fr-be
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/fr-ca
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/fr-ch
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/fr-lu
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/gb
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/guides
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/ie
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/in
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/issuing
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/it
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/it-ch
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/it-hr
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/it-si
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/jp
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/mx
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/nl
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/nl-be
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/nz
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/pricing
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/privacy
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/pt-pt
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/radar
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/se
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/sigma
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/spc/licenses
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/sv-fi
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/th
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/us
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/use-cases/global-businesses
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/zh-hk
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/zh-my
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/zh-sg
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/zh-us
Source: chromecache_230.8.dr	String found in binary or memory: https://subscribe.wordpress.com
Source: chromecache_230.8.dr	String found in binary or memory: https://subscribe.wordpress.com/memberships/?
Source: chromecache_216.8.dr	String found in binary or memory: https://support.stripe.com/?referrerLocale=en-us
Source: chromecache_195.8.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_216.8.dr	String found in binary or memory: https://twitter.com/stripe
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, QuickUpgrade.exe.1.dr, QuickUpgrade.exe.Replacement.0.dr	String found in binary or memory: https://update.bitsum.com/files/auto/64/beta/pl4sfx.exehttps://update.bitsum.com/files/auto/64/pl4sf
Source: ProcessLasso.exe	String found in binary or memory: https://update.bitsum.com/userservices/versioninfo.php
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp, ProcessLasso.exe, 00000004.00000000.1681252064.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe, 00000004.00000002.2882313735.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe.0.dr	String found in binary or memory: https://update.bitsum.com/userservices/versioninfo.php&Platform=&Registered=&vnew=1?ProductName=&man
Source: chromecache_239.8.dr, chromecache_258.8.dr	String found in binary or memory: https://wpbakery.com)
Source: chromecache_195.8.dr	String found in binary or memory: https://www.google.com
Source: ProcessLasso.exe	String found in binary or memory: https://www.google.com/search?q=%s
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp, ProcessLasso.exe, 00000004.00000000.1681252064.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe, 00000004.00000002.2882313735.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe.0.dr	String found in binary or memory: https://www.google.com/search?q=%sopenProcess
Source: chromecache_195.8.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_195.8.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_216.8.dr	String found in binary or memory: https://www.linkedin.com/company/stripe/
Source: chromecache_195.8.dr	String found in binary or memory: https://www.merchant-center-analytics.goog
Source: chromecache_216.8.dr	String found in binary or memory: https://youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443

Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49910 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality for read data from the clipboard

Source: C:\Users\user\Desktop\PostUpdate.exe

Code function: 1_2_00007FF64729C270 GetAsyncKeyState,IsWindow,GetWindowTextW,GetDlgItem,IsWindow,GetWindowTextW,GetWindow,IsWindow,GetClassNameW,GetWindowTextW,GetWindow,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,CloseClipboard,

1_2_00007FF64729C270

Contains functionality to modify clipboard data

Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64729C270 GetAsyncKeyState,IsWindow,GetWindowTextW,GetDlgItem,IsWindow,GetWindowTextW,GetWindow,IsWindow,GetClassNameW,GetWindowTextW,GetWindow,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,CloseClipboard,	1_2_00007FF64729C270
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CB98E0 GetAsyncKeyState,IsWindow,GetWindowTextW,GetDlgItem,IsWindow,GetWindowTextW,GetWindow,IsWindow,GetClassNameW,GetWindowTextW,GetWindow,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,CloseClipboard,	4_2_00007FF7E6CB98E0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C62D20 GetKeyState,SetFocus,PostMessageW,GetKeyState,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,GetKeyState,SendMessageW,#413,PostMessageW,GetKeyState,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,GetKeyState,SendMessageW,#413,#413,	4_2_00007FF7E6C62D20
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C73E20 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,	4_2_00007FF7E6C73E20
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C63AB3 GetKeyState,SetFocus,GetKeyState,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,GetKeyState,SendMessageW,#413,GetKeyState,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,GetKeyState,SendMessageW,#413,	4_2_00007FF7E6C63AB3

Contains functionality to retrieve information about pressed keystrokes

Source: C:\Users\user\Desktop\PostUpdate.exe

1_2_00007FF64729C270

System Summary

Contains functionality to call native functions

Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99D21F0 CreateMutexW,WaitForSingleObject,CreateEventW,CreateEventW,LoadLibraryW,GetProcAddress,GetCurrentProcess,NtQueryInformationProcess,GetCurrentProcess,SetPriorityClass,LoadCursorW,RegisterClassExW,CreateWindowExW,MessageBoxW,GetMessageW,TranslateMessage,DispatchMessageW,GetMessageW,SetEvent,GetCurrentThreadId,SendMessageW,CloseHandle,ReleaseMutex,MessageBoxW,SetEvent,GetCurrentThreadId,FreeLibrary,CloseHandle,std::_Throw_Cpp_error,std::_Throw_Cpp_error,std::_Throw_Cpp_error,std::_Throw_Cpp_error,std::_Throw_Cpp_error,std::_Throw_Cpp_error,std::_Throw_Cpp_error,		2_2_00007FF7E99D21F0
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99D1BC0 GetCurrentProcessId,ProcessIdToSessionId,GetForegroundWindow,GetWindowThreadProcessId,GetLastInputInfo,GetCurrentProcess,NtQueryInformationProcess,WaitForSingleObject,std::_Throw_Cpp_error,std::_Throw_Cpp_error,std::_Throw_Cpp_error,std::_Throw_Cpp_error,		2_2_00007FF7E99D1BC0

Contains functionality to communicate with device drivers

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Code function: 0_2_00457AAF: __EH_prolog,_wcslen,_wcslen,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,

0_2_00457AAF

Detected potential crypto function

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_004592C6	0_2_004592C6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_00467DDC	0_2_00467DDC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_00465011	0_2_00465011
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_00468253	0_2_00468253
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_004602F7	0_2_004602F7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_00465282	0_2_00465282
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_004762A8	0_2_004762A8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_004613FD	0_2_004613FD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_0046742E	0_2_0046742E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_004764D7	0_2_004764D7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_004655B0	0_2_004655B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_0047E600	0_2_0047E600
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_004607A7	0_2_004607A7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_0045D833	0_2_0045D833
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_004688AF	0_2_004688AF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_0045395A	0_2_0045395A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_00454A8E	0_2_00454A8E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_0047EAAE	0_2_0047EAAE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_00482BB4	0_2_00482BB4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_0045FCCC	0_2_0045FCCC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_00452EB6	0_2_00452EB6
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF647276900	1_2_00007FF647276900
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472807A0	1_2_00007FF6472807A0
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64727D820	1_2_00007FF64727D820
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64728256A	1_2_00007FF64728256A
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF647276600	1_2_00007FF647276600
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF647298470	1_2_00007FF647298470
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472904D0	1_2_00007FF6472904D0
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF647290FD0	1_2_00007FF647290FD0
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64727EE60	1_2_00007FF64727EE60
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64727AE40	1_2_00007FF64727AE40
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF647297F30	1_2_00007FF647297F30
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64727FF00	1_2_00007FF64727FF00
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF647291D80	1_2_00007FF647291D80
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF647297E10	1_2_00007FF647297E10
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF647276BCA	1_2_00007FF647276BCA
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64727EAA0	1_2_00007FF64727EAA0
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF647298A00	1_2_00007FF647298A00
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472B8888	1_2_00007FF6472B8888
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472B3910	1_2_00007FF6472B3910
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64729C680	1_2_00007FF64729C680
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472AE590	1_2_00007FF6472AE590
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF647294580	1_2_00007FF647294580
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472B3460	1_2_00007FF6472B3460
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472B04B0	1_2_00007FF6472B04B0
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64728749D	1_2_00007FF64728749D
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF647295530	1_2_00007FF647295530
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64729B430	1_2_00007FF64729B430
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472B632C	1_2_00007FF6472B632C
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472AE098	1_2_00007FF6472AE098
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472B3F90	1_2_00007FF6472B3F90
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472A7000	1_2_00007FF6472A7000
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472A7E74	1_2_00007FF6472A7E74
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64728CE6B	1_2_00007FF64728CE6B
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64728CE41	1_2_00007FF64728CE41
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64728CE9B	1_2_00007FF64728CE9B
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64728CE83	1_2_00007FF64728CE83
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64728CEBB	1_2_00007FF64728CEBB
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64728CEF8	1_2_00007FF64728CEF8
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF647296DE0	1_2_00007FF647296DE0
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF647299E30	1_2_00007FF647299E30
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472A6E14	1_2_00007FF6472A6E14
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64729CC60	1_2_00007FF64729CC60
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472A6C28	1_2_00007FF6472A6C28
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472B6A84	1_2_00007FF6472B6A84
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472B0AC4	1_2_00007FF6472B0AC4
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472B2938	1_2_00007FF6472B2938
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99D21F0	2_2_00007FF7E99D21F0
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99E4980	2_2_00007FF7E99E4980
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99E04C8	2_2_00007FF7E99E04C8
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99DBBC0	2_2_00007FF7E99DBBC0
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99E0B48	2_2_00007FF7E99E0B48
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99E9378	2_2_00007FF7E99E9378
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99DBDAC	2_2_00007FF7E99DBDAC
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99DCE04	2_2_00007FF7E99DCE04
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99E4E0C	2_2_00007FF7E99E4E0C
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99E2048	2_2_00007FF7E99E2048
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99E0018	2_2_00007FF7E99E0018
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99DF060	2_2_00007FF7E99DF060
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99DBF98	2_2_00007FF7E99DBF98
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C778E0	4_2_00007FF7E6C778E0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C69620	4_2_00007FF7E6C69620
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C5B350	4_2_00007FF7E6C5B350
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C87450	4_2_00007FF7E6C87450
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C6E010	4_2_00007FF7E6C6E010
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C66100	4_2_00007FF7E6C66100
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C6ED30	4_2_00007FF7E6C6ED30
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C5FB40	4_2_00007FF7E6C5FB40
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6BF9AA0	4_2_00007FF7E6BF9AA0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C217E0	4_2_00007FF7E6C217E0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C03800	4_2_00007FF7E6C03800
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C6E800	4_2_00007FF7E6C6E800
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C187B0	4_2_00007FF7E6C187B0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C517B0	4_2_00007FF7E6C517B0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C177D0	4_2_00007FF7E6C177D0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C8C7C8	4_2_00007FF7E6C8C7C8
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C567D0	4_2_00007FF7E6C567D0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C59760	4_2_00007FF7E6C59760
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6D1D768	4_2_00007FF7E6D1D768
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CCF738	4_2_00007FF7E6CCF738
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C168E0	4_2_00007FF7E6C168E0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C4B8FC	4_2_00007FF7E6C4B8FC
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CC4900	4_2_00007FF7E6CC4900
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C0E8A7	4_2_00007FF7E6C0E8A7
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C4B89F	4_2_00007FF7E6C4B89F
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6D0E858	4_2_00007FF7E6D0E858
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CB1880	4_2_00007FF7E6CB1880
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CFC880	4_2_00007FF7E6CFC880
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C37830	4_2_00007FF7E6C37830
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C49830	4_2_00007FF7E6C49830
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C6C850	4_2_00007FF7E6C6C850
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6D13830	4_2_00007FF7E6D13830
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C4B842	4_2_00007FF7E6C4B842
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C015A0	4_2_00007FF7E6C015A0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C2E5B0	4_2_00007FF7E6C2E5B0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CB15D0	4_2_00007FF7E6CB15D0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C5C5D0	4_2_00007FF7E6C5C5D0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C525D0	4_2_00007FF7E6C525D0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C9D5C0	4_2_00007FF7E6C9D5C0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6BFF560	4_2_00007FF7E6BFF560
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6D0E570	4_2_00007FF7E6D0E570
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6D18548	4_2_00007FF7E6D18548
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6D11520	4_2_00007FF7E6D11520
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CC46F0	4_2_00007FF7E6CC46F0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C2A700	4_2_00007FF7E6C2A700
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C7E6D0	4_2_00007FF7E6C7E6D0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6BFB660	4_2_00007FF7E6BFB660
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C4F670	4_2_00007FF7E6C4F670
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6D03658	4_2_00007FF7E6D03658
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6BF3680	4_2_00007FF7E6BF3680
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C20680	4_2_00007FF7E6C20680
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C2E680	4_2_00007FF7E6C2E680
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C97410	4_2_00007FF7E6C97410
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6BFB3B0	4_2_00007FF7E6BFB3B0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C893C2	4_2_00007FF7E6C893C2
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C96370	4_2_00007FF7E6C96370
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6D14360	4_2_00007FF7E6D14360
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C5D380	4_2_00007FF7E6C5D380
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6D12334	4_2_00007FF7E6D12334
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C714F0	4_2_00007FF7E6C714F0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CC1510	4_2_00007FF7E6CC1510
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C774A0	4_2_00007FF7E6C774A0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CDC45C	4_2_00007FF7E6CDC45C
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C6E490	4_2_00007FF7E6C6E490
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C0C480	4_2_00007FF7E6C0C480
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C45430	4_2_00007FF7E6C45430
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C401F0	4_2_00007FF7E6C401F0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C621F0	4_2_00007FF7E6C621F0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CFD210	4_2_00007FF7E6CFD210
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C5C1CB	4_2_00007FF7E6C5C1CB
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C6B190	4_2_00007FF7E6C6B190
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CC0180	4_2_00007FF7E6CC0180
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6D19140	4_2_00007FF7E6D19140
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CBA120	4_2_00007FF7E6CBA120
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CB52E0	4_2_00007FF7E6CB52E0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C5E265	4_2_00007FF7E6C5E265
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C04290	4_2_00007FF7E6C04290
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C0E220	4_2_00007FF7E6C0E220
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C48FEE	4_2_00007FF7E6C48FEE
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C47FF0	4_2_00007FF7E6C47FF0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CF0FDC	4_2_00007FF7E6CF0FDC
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C93000	4_2_00007FF7E6C93000
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C4DFFF	4_2_00007FF7E6C4DFFF
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C63FB0	4_2_00007FF7E6C63FB0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C73FB0	4_2_00007FF7E6C73FB0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C48F99	4_2_00007FF7E6C48F99
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C1AFC0	4_2_00007FF7E6C1AFC0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6D0CF58	4_2_00007FF7E6D0CF58
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CB3F8C	4_2_00007FF7E6CB3F8C
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CBCF80	4_2_00007FF7E6CBCF80
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C45F80	4_2_00007FF7E6C45F80
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C46F50	4_2_00007FF7E6C46F50
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C48F41	4_2_00007FF7E6C48F41
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CFF0D8	4_2_00007FF7E6CFF0D8
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C4A110	4_2_00007FF7E6C4A110
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C2A100	4_2_00007FF7E6C2A100
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C930B1	4_2_00007FF7E6C930B1
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6BFB0A0	4_2_00007FF7E6BFB0A0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C3C0B0	4_2_00007FF7E6C3C0B0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CBD0A0	4_2_00007FF7E6CBD0A0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C7E0D0	4_2_00007FF7E6C7E0D0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CFE0B8	4_2_00007FF7E6CFE0B8
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C93058	4_2_00007FF7E6C93058
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6D0905C	4_2_00007FF7E6D0905C
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C93078	4_2_00007FF7E6C93078
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C6C080	4_2_00007FF7E6C6C080
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C93028	4_2_00007FF7E6C93028
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CFD028	4_2_00007FF7E6CFD028
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C93040	4_2_00007FF7E6C93040
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CBE040	4_2_00007FF7E6CBE040
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C48DE1	4_2_00007FF7E6C48DE1
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CB0DC0	4_2_00007FF7E6CB0DC0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CBDD70	4_2_00007FF7E6CBDD70
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C3DD70	4_2_00007FF7E6C3DD70
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CC1D60	4_2_00007FF7E6CC1D60
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C41D60	4_2_00007FF7E6C41D60
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C48D89	4_2_00007FF7E6C48D89
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C50D90	4_2_00007FF7E6C50D90
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CA7D80	4_2_00007FF7E6CA7D80
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C8FD81	4_2_00007FF7E6C8FD81
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C48D31	4_2_00007FF7E6C48D31
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C76D30	4_2_00007FF7E6C76D30
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6BFDD30	4_2_00007FF7E6BFDD30
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C43D40	4_2_00007FF7E6C43D40
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C48EE9	4_2_00007FF7E6C48EE9
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C85EF0	4_2_00007FF7E6C85EF0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C95EB0	4_2_00007FF7E6C95EB0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6D18EC4	4_2_00007FF7E6D18EC4
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C68EA0	4_2_00007FF7E6C68EA0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CBBE70	4_2_00007FF7E6CBBE70
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C70E60	4_2_00007FF7E6C70E60
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CB4E90	4_2_00007FF7E6CB4E90
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C64E90	4_2_00007FF7E6C64E90
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C48E91	4_2_00007FF7E6C48E91
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C96E80	4_2_00007FF7E6C96E80
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CB1E80	4_2_00007FF7E6CB1E80
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C01E90	4_2_00007FF7E6C01E90
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C56E30	4_2_00007FF7E6C56E30
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C7DE30	4_2_00007FF7E6C7DE30
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C48E39	4_2_00007FF7E6C48E39
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CFCE3C	4_2_00007FF7E6CFCE3C
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6BF4C00	4_2_00007FF7E6BF4C00
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C48C10	4_2_00007FF7E6C48C10
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C22BD0	4_2_00007FF7E6C22BD0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C26B70	4_2_00007FF7E6C26B70
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C79B70	4_2_00007FF7E6C79B70
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C4BB27	4_2_00007FF7E6C4BB27
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C71B30	4_2_00007FF7E6C71B30
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6D03B50	4_2_00007FF7E6D03B50
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CB9CF0	4_2_00007FF7E6CB9CF0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C04D00	4_2_00007FF7E6C04D00
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6D13CE0	4_2_00007FF7E6D13CE0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CFED0C	4_2_00007FF7E6CFED0C
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C4ACC3	4_2_00007FF7E6C4ACC3
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C79C90	4_2_00007FF7E6C79C90
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CB5C30	4_2_00007FF7E6CB5C30
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C1BC30	4_2_00007FF7E6C1BC30
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CFCC54	4_2_00007FF7E6CFCC54
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C4BA13	4_2_00007FF7E6C4BA13
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C75A10	4_2_00007FF7E6C75A10
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CC0A00	4_2_00007FF7E6CC0A00
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C449B0	4_2_00007FF7E6C449B0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C4B9B6	4_2_00007FF7E6C4B9B6
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C549C0	4_2_00007FF7E6C549C0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C4B959	4_2_00007FF7E6C4B959
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C9C990	4_2_00007FF7E6C9C990
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C23990	4_2_00007FF7E6C23990
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C79990	4_2_00007FF7E6C79990
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C6A920	4_2_00007FF7E6C6A920
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CCC950	4_2_00007FF7E6CCC950
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C3EB10	4_2_00007FF7E6C3EB10
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CA7AB0	4_2_00007FF7E6CA7AB0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C4BACD	4_2_00007FF7E6C4BACD
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C72AD0	4_2_00007FF7E6C72AD0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CB2AC0	4_2_00007FF7E6CB2AC0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6D05A70	4_2_00007FF7E6D05A70
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C4BA70	4_2_00007FF7E6C4BA70
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CFCA68	4_2_00007FF7E6CFCA68
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C40A90	4_2_00007FF7E6C40A90
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C97A80	4_2_00007FF7E6C97A80
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6BFCA30	4_2_00007FF7E6BFCA30

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: String function: 0046FEFC appears 42 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: String function: 004707A0 appears 31 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: String function: 0046FFD0 appears 56 times
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: String function: 00007FF7E6C86E30 appears 100 times
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: String function: 00007FF7E6CF65D0 appears 51 times
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: String function: 00007FF7E6C9DE30 appears 220 times
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: String function: 00007FF7E6C7BE10 appears 38 times
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: String function: 00007FF7E6C7BC50 appears 45 times
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: String function: 00007FF7E6C65910 appears 46 times
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: String function: 00007FF7E6CB67F0 appears 49 times
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: String function: 00007FF7E6D06054 appears 35 times
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: String function: 00007FF7E6C9E0B0 appears 110 times
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: String function: 00007FF7E6BF6070 appears 94 times
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: String function: 00007FF647292840 appears 126 times
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: String function: 00007FF6472923D0 appears 102 times

PE file contains executable resources (Code or Archives)

Source: pl_rsrc_bulgarian.dll.0.dr	Static PE information: Resource name: RT_STRING type: COM executable for DOS
Source: pl_rsrc_french.dll.0.dr	Static PE information: Resource name: RT_STRING type: PDP-11 demand-paged pure executable not stripped
Source: pl_rsrc_french.dll.0.dr	Static PE information: Resource name: RT_STRING type: x86 executable (TV) not stripped
Source: pl_rsrc_french.dll.0.dr	Static PE information: Resource name: RT_STRING type: MIPSEB-LE MIPS-III ECOFF executable not stripped - version 0.115
Source: pl_rsrc_german.dll.0.dr	Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
Source: pl_rsrc_italian.dll.0.dr	Static PE information: Resource name: RT_STRING type: COM executable for DOS
Source: pl_rsrc_korean.dll.0.dr	Static PE information: Resource name: RT_STRING type: COM executable for DOS
Source: pl_rsrc_russian.dll.0.dr	Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
Source: pl_rsrc_slovenian.dll.0.dr	Static PE information: Resource name: RT_STRING type: VAX COFF pure executable, sections 78, created Sun Mar 29 05:32:17 1970, not stripped, version 110
Source: pl_rsrc_spanish.dll.0.dr	Static PE information: Resource name: RT_STRING type: PDP-11 demand-paged pure executable not stripped

PE file does not import any functions

Source: pl_rsrc_korean.dll.0.dr	Static PE information: No import functions for PE file found
Source: pl_rsrc_russian.dll.0.dr	Static PE information: No import functions for PE file found
Source: pl_rsrc_english.dll.0.dr	Static PE information: No import functions for PE file found
Source: pl_rsrc_spanish.dll.0.dr	Static PE information: No import functions for PE file found
Source: pl_rsrc_french.dll.0.dr	Static PE information: No import functions for PE file found
Source: pl_rsrc_chinese_traditional.dll.0.dr	Static PE information: No import functions for PE file found
Source: pl_rsrc_german.dll.0.dr	Static PE information: No import functions for PE file found
Source: pl_rsrc_polish.dll.0.dr	Static PE information: No import functions for PE file found
Source: pl_rsrc_japanese.dll.0.dr	Static PE information: No import functions for PE file found
Source: pl_rsrc_italian.dll.0.dr	Static PE information: No import functions for PE file found
Source: pl_rsrc_slovenian.dll.0.dr	Static PE information: No import functions for PE file found
Source: pl_rsrc_finnish.dll.0.dr	Static PE information: No import functions for PE file found
Source: pl_rsrc_chinese.dll.0.dr	Static PE information: No import functions for PE file found
Source: pl_rsrc_ptbr.dll.0.dr	Static PE information: No import functions for PE file found
Source: pl_rsrc_bulgarian.dll.0.dr	Static PE information: No import functions for PE file found

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: sus31.evad.winEXE@120/207@42/16

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Code function: 0_2_00457727 GetLastError,FormatMessageW,

0_2_00457727

Source: C:\Users\user\Desktop\ProcessLasso.exe

Code function: 4_2_00007FF7E6C5FB40 GetTickCount64,GetSystemInfo,GetVersionExW,MessageBoxW,SetUnhandledExceptionFilter,InitializeCriticalSection,InitializeCriticalSection,CreateEventW,CreateEventW,CoInitializeEx,CoInitializeSecurity,InitCommonControlsEx,#17,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,OpenEventW,SetEvent,CloseHandle,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,RegCloseKey,GetSystemInfo,RegCreateKeyExW,RegSetValueExW,RegCloseKey,RegCreateKeyExW,RegSetValueExW,RegCloseKey,RegCreateKeyExW,RegSetValueExW,RegCloseKey,RegCreateKeyExW,RegSetValueExW,RegCloseKey,RegCreateKeyExW,RegSetValueExW,RegCloseKey,CreateEventW,SetEvent,CloseHandle,OpenProcess,WaitForSingleObject,CloseHandle,Sleep,EnterCriticalSection,LeaveCriticalSection,EnterCriticalSection,LeaveCriticalSection,EnterCriticalSection,GetCurrentDirectoryW,LeaveCriticalSection,EnterCriticalSection,GetCurrentDirectoryW,LeaveCriticalSection,LeaveCriticalSection,LoadStringW,LoadLibraryW,GetModuleHandleW,LoadStringW,MessageBoxW,OpenProcess,Sleep,WaitForSingleObject,CloseHandle,FindWindowW,FindWindowW,PostMessageW,LoadStringW,LoadLibraryW,GetModuleHandleW,LoadStringW,MessageBoxW,ShellExecuteW,LoadStringW,LoadLibraryW,GetModuleHandleW,LoadStringW,GdiplusStartup,CreateEventW,LoadLibraryW,LoadStringW,LoadLibraryW,GetModuleHandleW,LoadStringW,MessageBoxW,SetProcessShutdownParameters,GetCommandLineW,CreateThread,WaitForSingleObject,DialogBoxParamW,DialogBoxParamW,DialogBoxParamW,DialogBoxParamW,DialogBoxParamW,MessageBoxW,ExitProcess,CreateThread,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,DialogBoxParamW,LoadStringW,LoadLibraryW,GetModuleHandleW,LoadStringW,GetModuleHandleW,LoadAcceleratorsW,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,GetActiveProcessorCount,GetModuleHandleW,LoadIconW,CreateEventW,SetEvent,WaitForSingleObject,TerminateThread,ResetEvent,CreateThread,CreateThread,CreateThread,CreateThread,OpenMutexW,OpenMutexW,CloseHandle,Sleep,CreateThread,CreateThread,CreateThread,GetFileAttributesW,PostMessageW,GetMessageW,TranslateAcceleratorW,TranslateMessage,DispatchMessageW,GetMessageW,CloseHandle,CloseHandle,SetEvent,Shell_NotifyIconW,Sleep,CreateEventW,SetEvent,WaitForSingleObject,TerminateThread,GdiplusShutdown,DeleteCriticalSection,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,DeleteCriticalSection,SetEvent,WaitForSingleObject,TerminateThread,RegCloseKey,LoadStringW,LoadLibraryW,GetModuleHandleW,LoadStringW,

4_2_00007FF7E6C5FB40

Source: C:\Users\user\Desktop\ProcessLasso.exe

Code function: 4_2_00007FF7E6C68690 OpenProcess,SetProcessAffinityMask,CreateToolhelp32Snapshot,Thread32First,OpenThread,SetThreadGroupAffinity,CloseHandle,Thread32Next,CloseHandle,GetActiveProcessorGroupCount,GetModuleHandleW,GetProcAddress,OpenProcess,CloseHandle,SetProcessAffinityMask,CloseHandle,

4_2_00007FF7E6C68690

Source: C:\Users\user\Desktop\PostUpdate.exe

Code function: 1_2_00007FF64727D820 CoInitializeEx,CoCreateInstance,LoadStringW,LoadLibraryW,GetModuleHandleW,LoadStringW,MessageBoxW,VariantInit,VariantInit,VariantInit,VariantInit,VariantClear,VariantClear,VariantClear,VariantClear,LoadStringW,LoadLibraryW,GetModuleHandleW,LoadStringW,MessageBoxW,SysAllocString,LoadStringW,LoadLibraryW,GetModuleHandleW,LoadStringW,MessageBoxW,SysAllocString,LoadStringW,LoadLibraryW,GetModuleHandleW,LoadStringW,MessageBoxW,MessageBoxW,MessageBoxW,CoUninitialize,SysAllocString,SysAllocString,MessageBoxW,_invalid_parameter_noinfo,SysAllocString,SysAllocString,SysAllocString,VariantInit,SysAllocString,VariantClear,VariantClear,VariantClear,MessageBoxW,CoUninitialize,CoUninitialize,_invalid_parameter_noinfo,

1_2_00007FF64727D820

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Code function: 0_2_0046B6D2 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,

0_2_0046B6D2

Source: C:\Users\user\Desktop\PostUpdate.exe

Code function: 1_2_00007FF647296FC0 OpenSCManagerW,OpenServiceW,QueryServiceStatus,StartServiceW,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,

1_2_00007FF647296FC0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

File created: C:\Users\user\Desktop\__tmp_rar_sfx_access_check_4167031

Jump to behavior

Source: C:\Users\user\Desktop\bitsumsessionagent.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\{878ec006-8bb7-4487-a9d9-6ab726fdad61}

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Command line argument: sfxname	0_2_0046F05C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Command line argument: sfxstime	0_2_0046F05C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Command line argument: p0I	0_2_0046F05C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Command line argument: STARTDLG	0_2_0046F05C

Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

File read: C:\Windows\win.ini

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\ProcessLasso.exe

File read: C:\Windows\System32\drivers\etc\hosts

Jump to behavior

Source: ProcessLasso.exe	String found in binary or memory: /stopafter=
Source: ProcessLasso.exe	String found in binary or memory: /stopafter=

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

File read: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Process created: C:\Users\user\Desktop\PostUpdate.exe "C:\Users\user\Desktop\PostUpdate.exe"
Source: unknown	Process created: C:\Users\user\Desktop\bitsumsessionagent.exe C:\Users\user\Desktop\bitsumsessionagent.exe ----------------------------------------------------------------
Source: unknown	Process created: C:\Users\user\Desktop\bitsumsessionagent.exe C:\Users\user\Desktop\bitsumsessionagent.exe ----------------------------------------------------------------
Source: C:\Users\user\Desktop\PostUpdate.exe	Process created: C:\Users\user\Desktop\ProcessLasso.exe /postupdate
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2008,i,15519515346526546949,12768663373264760233,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1984,i,5106367926550211044,9373728312157229491,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1740 --field-trial-handle=1996,i,7114810720293782166,12932913640708286940,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1984,i,2617033844371038707,2385638837885236536,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 --field-trial-handle=1948,i,16641894259137025231,17552674618342249670,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1984,i,18071265613074346824,7565659784721279921,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1884 --field-trial-handle=1952,i,13378929248748638004,16609101256085625740,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1976,i,556397286523747728,13715138569827133155,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1992,i,3103486031131948529,12771731290429994548,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1976 --field-trial-handle=2000,i,4281038644087026732,4404549652330960055,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1840 --field-trial-handle=1984,i,16754105667391397097,1628277584012059700,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1988,i,13307509518589281415,1496618762875588576,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1984,i,10167203328593902513,15389311701757241189,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1872 --field-trial-handle=1724,i,14353911626792566164,9578348925622307936,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1988,i,7229309035351989711,14618348612749984897,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Process created: C:\Users\user\Desktop\PostUpdate.exe "C:\Users\user\Desktop\PostUpdate.exe"	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Process created: C:\Users\user\Desktop\ProcessLasso.exe /postupdate	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1976,i,556397286523747728,13715138569827133155,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2008,i,15519515346526546949,12768663373264760233,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1984,i,5106367926550211044,9373728312157229491,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1740 --field-trial-handle=1996,i,7114810720293782166,12932913640708286940,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1984,i,2617033844371038707,2385638837885236536,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 --field-trial-handle=1948,i,16641894259137025231,17552674618342249670,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1872 --field-trial-handle=1724,i,14353911626792566164,9578348925622307936,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1984,i,18071265613074346824,7565659784721279921,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1884 --field-trial-handle=1952,i,13378929248748638004,16609101256085625740,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1976,i,556397286523747728,13715138569827133155,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1992,i,3103486031131948529,12771731290429994548,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1976 --field-trial-handle=2000,i,4281038644087026732,4404549652330960055,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1840 --field-trial-handle=1984,i,16754105667391397097,1628277584012059700,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1988,i,13307509518589281415,1496618762875588576,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1984,i,10167203328593902513,15389311701757241189,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1872 --field-trial-handle=1724,i,14353911626792566164,9578348925622307936,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1988,i,7229309035351989711,14618348612749984897,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: <pi-ms-win-core-synch-l1-2-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: <pi-ms-win-core-fibers-l1-1-1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: <pi-ms-win-core-synch-l1-2-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: <pi-ms-win-core-fibers-l1-1-1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: <pi-ms-win-core-localization-l1-2-1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: dxgidebug.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Section loaded: pl_rsrc_english.dll	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: pdh.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: pl_rsrc_english.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wkscli.dll	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\PostUpdate.exe

File written: C:\Users\user\AppData\Local\ProcessLasso\config\prolasso.ini

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\ProcessLasso.exe

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Access\Capabilities\UrlAssociations

Jump to behavior

Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Static PE information: certificate valid

Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Static file information: File size 2995928 > 1048576

Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_korean.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000083A2000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_korean.dll.0.dr
Source:	Binary string: c:\pl\output\pl_rsrc_polish.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008574000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_polish.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\LogViewer.pdb source: LogViewer.exe.0.dr
Source:	Binary string: c:\pl\output\pl_rsrc_ptbr.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008748000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_ptbr.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_french.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007B26000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_french.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_bulgarian.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000072C5000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_bulgarian.dll.0.dr
Source:	Binary string: c:\pl\output\testlasso.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007116000.00000004.00000020.00020000.00000000.sdmp, testlasso.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_japanese.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000081B6000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_japanese.dll.0.dr
Source:	Binary string: c:\pl\output\PostUpdate.pdb source: PostUpdate.exe, 00000001.00000002.1688982027.00007FF6472C1000.00000002.00000001.01000000.00000009.sdmp, PostUpdate.exe, 00000001.00000000.1652854987.00007FF6472C1000.00000002.00000001.01000000.00000009.sdmp, PostUpdate.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_german.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007D10000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_german.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_chinese_traditional.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007661000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_chinese_traditional.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\QuickUpgrade.pdb$ source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, QuickUpgrade.exe.1.dr, QuickUpgrade.exe.Replacement.0.dr
Source:	Binary string: c:\pl\output\InstallHelper.pdbi source: InstallHelper.exe.0.dr
Source:	Binary string: c:\pl\output\PostUpdate.pdbZ source: PostUpdate.exe, 00000001.00000002.1688982027.00007FF6472C1000.00000002.00000001.01000000.00000009.sdmp, PostUpdate.exe, 00000001.00000000.1652854987.00007FF6472C1000.00000002.00000001.01000000.00000009.sdmp, PostUpdate.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\Insights.pdb source: Insights.exe.0.dr
Source:	Binary string: c:\pl\output\pl_rsrc_finnish.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000079F7000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_finnish.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_slovenian.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006B28000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_slovenian.dll.0.dr
Source:	Binary string: c:\pl\output\pl_rsrc_italian.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007F06000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_italian.dll.0.dr
Source:	Binary string: c:\pl\output\vistammsc.exe.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000726E000.00000004.00000020.00020000.00000000.sdmp, vistammsc.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_german.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007D10000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_german.dll.0.dr
Source:	Binary string: c:\pl\output\CPUEater.pdb` source: CPUEater.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\Insights.pdbd source: Insights.exe.0.dr
Source:	Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe
Source:	Binary string: c:\pl\output\pl_rsrc_russian.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000887A000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_russian.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_chinese.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000073BC000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_chinese.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\LogViewer.pdbJ source: LogViewer.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_french.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007B26000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_french.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_chinese.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000073BC000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_chinese.dll.0.dr
Source:	Binary string: c:\pl\output\ProcessLassoLauncher.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000070AC000.00000004.00000020.00020000.00000000.sdmp, ProcessLassoLauncher.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_slovenian.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006B28000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_slovenian.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\QuickUpgrade.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, QuickUpgrade.exe.1.dr, QuickUpgrade.exe.Replacement.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_bulgarian.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000072C5000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_bulgarian.dll.0.dr
Source:	Binary string: c:\pl\output\ProcessGovernor.pdbGCTL source: ProcessGovernor.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\x64\Release\bitsumsessionagent.pdb source: bitsumsessionagent.exe, 00000002.00000002.2879821342.00007FF7E99EB000.00000002.00000001.01000000.0000000C.sdmp, bitsumsessionagent.exe, 00000002.00000000.1663989043.00007FF7E99EB000.00000002.00000001.01000000.0000000C.sdmp, bitsumsessionagent.exe, 00000003.00000002.1688973134.00007FF7E99EB000.00000002.00000001.01000000.0000000C.sdmp, bitsumsessionagent.exe, 00000003.00000000.1680227560.00007FF7E99EB000.00000002.00000001.01000000.0000000C.sdmp, bitsumsessionagent.exe.0.dr
Source:	Binary string: c:\pl\output\pl_rsrc_finnish.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000079F7000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_finnish.dll.0.dr
Source:	Binary string: c:\pl\output\pl_rsrc_italian.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007F06000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_italian.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_chinese_traditional.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007661000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_chinese_traditional.dll.0.dr
Source:	Binary string: c:\pl\output\CPUEater.pdb source: CPUEater.exe.0.dr
Source:	Binary string: c:\pl\output\ProcessGovernor.pdb source: ProcessGovernor.exe.0.dr
Source:	Binary string: c:\pl\output\ThreadRacer.exe.pdbS source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007116000.00000004.00000020.00020000.00000000.sdmp, ThreadRacer.exe.0.dr
Source:	Binary string: c:\pl\output\pl_rsrc_russian.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000887A000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_russian.dll.0.dr
Source:	Binary string: c:\pl\output\InstallHelper.pdb source: InstallHelper.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_japanese.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000081B6000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_japanese.dll.0.dr
Source:	Binary string: c:\pl\output\vistammsc.exe.pdbY source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000726E000.00000004.00000020.00020000.00000000.sdmp, vistammsc.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_spanish.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006D11000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_spanish.dll.0.dr
Source:	Binary string: c:\pl\output\ThreadRacer.exe.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007116000.00000004.00000020.00020000.00000000.sdmp, ThreadRacer.exe.0.dr
Source:	Binary string: c:\pl\output\pl_rsrc_ptbr.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008748000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_ptbr.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\ProcessLasso.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp, ProcessLasso.exe, 00000004.00000000.1681252064.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe, 00000004.00000002.2882313735.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\plActivate.pdb source: plActivate.exe.0.dr

Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\PostUpdate.exe

Code function: 1_2_00007FF6472974D0 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryW,

1_2_00007FF6472974D0

File is packed with WinRar

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

File created: C:\Users\user\Desktop\__tmp_rar_sfx_access_check_4167031

Jump to behavior

PE file contains an invalid checksum

Source: plActivate.exe.0.dr

Static PE information: real checksum: 0x369a0 should be: 0x3699f

PE file contains sections with non-standard names

Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Static PE information: section name: .didat
Source: ProcessLasso.exe.0.dr	Static PE information: section name: _RDATA
Source: ProcessLassoLauncher.exe.0.dr	Static PE information: section name: _RDATA
Source: testlasso.exe.0.dr	Static PE information: section name: _RDATA
Source: ThreadRacer.exe.0.dr	Static PE information: section name: _RDATA
Source: TweakScheduler.exe.0.dr	Static PE information: section name: memcpy_
Source: TweakScheduler.exe.0.dr	Static PE information: section name: _RDATA
Source: vistammsc.exe.0.dr	Static PE information: section name: _RDATA
Source: bitsumsessionagent.exe.0.dr	Static PE information: section name: _RDATA
Source: CPUEater.exe.0.dr	Static PE information: section name: _RDATA
Source: Insights.exe.0.dr	Static PE information: section name: _RDATA
Source: InstallHelper.exe.0.dr	Static PE information: section name: _RDATA
Source: LogViewer.exe.0.dr	Static PE information: section name: _RDATA
Source: plActivate.exe.0.dr	Static PE information: section name: _RDATA
Source: PostUpdate.exe.0.dr	Static PE information: section name: _RDATA
Source: ProcessGovernor.exe.0.dr	Static PE information: section name: _RDATA
Source: QuickUpgrade.exe.Replacement.0.dr	Static PE information: section name: _RDATA
Source: QuickUpgrade.exe.1.dr	Static PE information: section name: _RDATA

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_004707F0 push ecx; ret	0_2_00470803
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_0046FEFC push eax; ret	0_2_0046FF1A
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472BBD8C push rax; ret	1_2_00007FF6472BBD8D
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C378C0 pushfq ; retf	4_2_00007FF7E6C37AFD
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C83B8A push rax; ret	4_2_00007FF7E6C83B8D

Persistence and Installation Behavior

Drops PE files

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\testlasso.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\pl_rsrc_slovenian.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\pl_rsrc_italian.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\pl_rsrc_english.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\CPUEater.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\pl_rsrc_ptbr.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\TweakScheduler.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\vistammsc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\QuickUpgrade.exe.Replacement	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\ProcessLasso.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\ProcessGovernor.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\pl_rsrc_japanese.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\Insights.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\bitsumsessionagent.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\PostUpdate.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\pl_rsrc_korean.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\pl_rsrc_bulgarian.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\ThreadRacer.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\ProcessLassoLauncher.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\pl_rsrc_french.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\InstallHelper.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\pl_rsrc_polish.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\LogViewer.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\plActivate.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\pl_rsrc_russian.dll	Jump to dropped file
Source: C:\Users\user\Desktop\PostUpdate.exe	File created: C:\Users\user\Desktop\QuickUpgrade.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\pl_rsrc_chinese.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\pl_rsrc_spanish.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\pl_rsrc_chinese_traditional.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\pl_rsrc_finnish.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\pl_rsrc_german.dll	Jump to dropped file

Drops files with a non-matching file extension (content does not match file extension)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

File created: C:\Users\user\Desktop\QuickUpgrade.exe.Replacement

Jump to dropped file

Boot Survival

Source: C:\Users\user\Desktop\PostUpdate.exe

Code function: 1_2_00007FF647296FC0 OpenSCManagerW,OpenServiceW,QueryServiceStatus,StartServiceW,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,

1_2_00007FF647296FC0

Hooking and other Techniques for Hiding and Protection

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Source: C:\Users\user\Desktop\ProcessLasso.exe

Code function: 4_2_00007FF7E6C5DEC0 IsWindowVisible,ShowWindow,IsIconic,ShowWindow,SendMessageW,ShowWindow,SetForegroundWindow,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,RegCloseKey,ShowWindow,

4_2_00007FF7E6C5DEC0

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Users\user\Desktop\PostUpdate.exe

1_2_00007FF6472974D0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)

Source: C:\Users\user\Desktop\ProcessLasso.exe

Code function: 4_2_00007FF7E6CCAA20 CreateToolhelp32Snapshot,Thread32First,GetCurrentProcessId,GetCurrentThreadId,OpenThread,SuspendThread,CloseHandle,Thread32Next,CloseHandle,

4_2_00007FF7E6CCAA20

Contains functionality to enumerate running services

Source: C:\Users\user\Desktop\ProcessLasso.exe

Code function: OpenSCManagerW,EnumServicesStatusExW,GetLastError,EnumServicesStatusExW,CloseServiceHandle,std::_Throw_Cpp_error,std::_Throw_Cpp_error,std::_Throw_Cpp_error,std::_Throw_Cpp_error,

4_2_00007FF7E6CBBE70

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\pl_rsrc_slovenian.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\testlasso.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\pl_rsrc_italian.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\CPUEater.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\pl_rsrc_ptbr.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\TweakScheduler.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\vistammsc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\QuickUpgrade.exe.Replacement	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\ProcessGovernor.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\pl_rsrc_japanese.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Insights.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\pl_rsrc_korean.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\pl_rsrc_bulgarian.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\ThreadRacer.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\ProcessLassoLauncher.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\pl_rsrc_french.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\InstallHelper.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\pl_rsrc_polish.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\LogViewer.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\plActivate.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\pl_rsrc_russian.dll	Jump to dropped file
Source: C:\Users\user\Desktop\PostUpdate.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\QuickUpgrade.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\pl_rsrc_chinese.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\pl_rsrc_spanish.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\pl_rsrc_chinese_traditional.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\pl_rsrc_finnish.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\pl_rsrc_german.dll	Jump to dropped file

Found evasive API chain (date check)

Source: C:\Users\user\Desktop\ProcessLasso.exe

Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes

Found large amount of non-executed APIs

Source: C:\Users\user\Desktop\ProcessLasso.exe

API coverage: 2.7 %

Uses the system / local time for branch decision (may execute only at specific dates)

Source: C:\Users\user\Desktop\ProcessLasso.exe

Code function: 4_2_00007FF7E6C15275 GetSystemTimeAsFileTime followed by cmp: cmp byte ptr [00007ff7e6d71c25h], 00000001h and CTI: jne 00007FF7E6C1591Dh

4_2_00007FF7E6C15275

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_0045BA94 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,	0_2_0045BA94
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_0046D420 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,	0_2_0046D420
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472B6A84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	1_2_00007FF6472B6A84
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99E2048 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	2_2_00007FF7E99E2048
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CA21A0 DeleteFileW,DeleteFileW,RemoveDirectoryW,GetFileAttributesW,LoadStringW,LoadLibraryW,GetModuleHandleW,LoadStringW,MessageBoxW,FindFirstFileW,DeleteFileW,FindNextFileW,RemoveDirectoryW,GetFileAttributesW,	4_2_00007FF7E6CA21A0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CA1C60 FindFirstFileW,GetFileAttributesW,FindNextFileW,_invalid_parameter_noinfo,	4_2_00007FF7E6CA1C60

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Code function: 0_2_0046F82F VirtualQuery,GetSystemInfo,

0_2_0046F82F

Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmwareuser.exeWa
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000002.1656846047.0000000002572000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmtoolsd.exe?a
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000002.1656846047.0000000002572000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmware-vmx.exe

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\PostUpdate.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\ProcessLasso.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\ProcessLasso.exe	API call chain: ExitProcess graph end node

Anti Debugging

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Code function: 0_2_00470A0A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00470A0A

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Source: C:\Users\user\Desktop\PostUpdate.exe

Code function: 1_2_00007FF64729E5A8 InitializeCriticalSectionEx,GetLastError,IsDebuggerPresent,OutputDebugStringW,

1_2_00007FF64729E5A8

Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)

Source: C:\Users\user\Desktop\ProcessLasso.exe

Code function: 4_2_00007FF7E6CCAA20 CreateToolhelp32Snapshot,Thread32First,GetCurrentProcessId,GetCurrentThreadId,OpenThread,SuspendThread,CloseHandle,Thread32Next,CloseHandle,

4_2_00007FF7E6CCAA20

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\PostUpdate.exe

1_2_00007FF6472974D0

Contains functionality to read the PEB

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Code function: 0_2_004791B0 mov eax, dword ptr fs:[00000030h]

0_2_004791B0

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Code function: 0_2_0047D1F0 GetProcessHeap,

0_2_0047D1F0

Enables debug privileges

Source: C:\Users\user\Desktop\ProcessLasso.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_00470A0A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00470A0A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_00470B9D SetUnhandledExceptionFilter,	0_2_00470B9D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_00470D8A SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00470D8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_00474FEF IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00474FEF
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64729F670 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_00007FF64729F670
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472AA01C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_00007FF6472AA01C
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64729FD00 SetUnhandledExceptionFilter,	1_2_00007FF64729FD00
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64729FB1C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_00007FF64729FB1C
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99D4184 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_00007FF7E99D4184
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99D4368 SetUnhandledExceptionFilter,	2_2_00007FF7E99D4368
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99D3E40 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_00007FF7E99D3E40
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99DDD18 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_00007FF7E99DDD18
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C5FB40 GetTickCount64,GetSystemInfo,GetVersionExW,MessageBoxW,SetUnhandledExceptionFilter,InitializeCriticalSection,InitializeCriticalSection,CreateEventW,CreateEventW,CoInitializeEx,CoInitializeSecurity,InitCommonControlsEx,#17,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,OpenEventW,SetEvent,CloseHandle,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,RegCloseKey,GetSystemInfo,RegCreateKeyExW,RegSetValueExW,RegCloseKey,RegCreateKeyExW,RegSetValueExW,RegCloseKey,RegCreateKeyExW,RegSetValueExW,RegCloseKey,RegCreateKeyExW,RegSetValueExW,RegCloseKey,RegCreateKeyExW,RegSetValueExW,RegCloseKey,CreateEventW,SetEvent,CloseHandle,OpenProcess,WaitForSingleObject,CloseHandle,Sleep,EnterCriticalSection,LeaveCriticalSection,EnterCriticalSection,LeaveCriticalSection,EnterCriticalSection,GetCurrentDirectoryW,LeaveCriticalSection,EnterCriticalSection,GetCurrentDirectoryW,LeaveCriticalSection,LeaveCriticalSection,LoadStringW,LoadLibraryW,GetModuleHandleW,LoadStringW,MessageBoxW,OpenProcess,Sleep,WaitForSingleObject,CloseHandle,FindWindowW,FindWindowW,PostMessageW,LoadStringW,LoadLibraryW,GetModuleHandleW,LoadStringW,MessageBoxW,ShellExecuteW,LoadStringW,LoadLibraryW,GetModuleHandleW,LoadStringW,GdiplusStartup,CreateEventW,LoadLibraryW,LoadStringW,LoadLibraryW,GetModuleHandleW,LoadStringW,MessageBoxW,SetProcessShutdownParameters,GetCommandLineW,CreateThread,WaitForSingleObject,DialogBoxParamW,DialogBoxParamW,DialogBoxParamW,DialogBoxParamW,DialogBoxParamW,MessageBoxW,ExitProcess,CreateThread,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,DialogBoxParamW,LoadStringW,LoadLibraryW,GetModuleHandleW,LoadStringW,GetModuleHandleW,LoadAcceleratorsW,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,GetActiveProcessorCount,GetModuleHandleW,LoadIconW,CreateEventW,SetEvent,WaitForSingleObject,TerminateThread,ResetEvent,CreateThread,CreateThread,CreateThread,CreateThread,OpenMutexW,OpenMutexW,CloseHandle,Sleep,CreateThread,CreateThread,CreateThread,GetFileAttributesW,PostMessageW,GetMessageW,TranslateAcceleratorW,TranslateMessage,DispatchMessageW,GetMessageW,CloseHandle,CloseHandle,SetEvent,Shell_NotifyIconW,Sleep,CreateEventW,SetEvent,WaitForSingleObject,TerminateThread,GdiplusShutdown,DeleteCriticalSection,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,DeleteCriticalSection,SetEvent,WaitForSingleObject,TerminateThread,RegCloseKey,LoadStringW,LoadLibraryW,GetModuleHandleW,LoadStringW,	4_2_00007FF7E6C5FB40
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CF4E00 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	4_2_00007FF7E6CF4E00
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6D00A98 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_00007FF7E6D00A98

HIPS / PFW / Operating System Protection Evasion

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Users\user\Desktop\bitsumsessionagent.exe	NtQueryInformationProcess: Indirect: 0x7FF7E99D1EA8	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	NtQuerySystemInformation: Indirect: 0x7FF7E6CC3E81	Jump to behavior
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	NtQueryInformationProcess: Indirect: 0x7FF7E99D23A9	Jump to behavior

Contains functionality to launch a program with higher privileges

Source: C:\Users\user\Desktop\ProcessLasso.exe

Code function: 4_2_00007FF7E6C70BB0 GetModuleHandleW,GetModuleFileNameW,ShellExecuteExW,GetStartupInfoW,CreateProcessW,

4_2_00007FF7E6C70BB0

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Process created: C:\Users\user\Desktop\PostUpdate.exe "C:\Users\user\Desktop\PostUpdate.exe"	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1976,i,556397286523747728,13715138569827133155,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior

Source: C:\Users\user\Desktop\ProcessLasso.exe

Code function: 4_2_00007FF7E6C168E0 InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateEventW,CreateEventW,CreateEventW,CreateEventW,InitializeCriticalSection,InitializeCriticalSection,InitializeCriticalSection,GetNumaHighestNodeNumber,QueryPerformanceFrequency,GetUserNameW,FindWindowW,InitCommonControlsEx,#17,CreateThread,

4_2_00007FF7E6C168E0

Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, TweakScheduler.exe.0.dr

Binary or memory string: tooltips_class32TweakScheduler v1.04System\CurrentControlSet\Control\PriorityControlWin32PrioritySeparationSeShutdownPrivilegehttps://bitsum.com/%xtweakscheduler.exelassopecparkbitsumalaInstallerLanguageDWORDBitsumSOFTWARE\%sInstallerLanguageLanguageSoftware\Bitsum%s\%s'''"""\,,Software\Microsoft\Windows\CurrentVersion\Run\processlasso.exe."%s" %d-%d%d;/%d/()allSYSTEM\CurrentControlSet\ServicesSYSTEM\CurrentControlSet\Services\DisplayNameImagePathObjectNameStartrunas"%s" "%s" "%s"SilentUpdate"%s"%s%sGlobal\TermSrvReadyEventTermServicesvchost.exe-k-Ksvchost.exe (%s)rundll32.exerundll32rundll32.exe (%s)%d:%02d:%02d.%03d"%s" %sCreateProcessWithTokenWadvapi32Progmanhttps\shell\open\command"%1"%1%s "%s"iexplore.exeprolasso.iniprosuper.iniprolasso.ini2ERROR: There was an error cleaning up the global path of Process Lasso's configuration file..portableservices.ex%s\ProcessLasso.exe%s\ProcessGovernor.exeSoftware\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted*systemlocal servicenetwork service\QuickUpgrade.exe.Replacement\ProcessLasso\pl4sfx.exe\pl4sfx_server.exe\pl_rsrc_temp.dll\pl_debug.logadvapi32.dllConvertStringSidToSidWS-1-16-1024GUIStartCoreStartParkControlInstalledprocesslasso.exeInstall_Dirprobalance.exeSoftware\CPUBalancecpubalance\probalance.exeprocessgovernor.exeprocess lasso%s\%s\%s

Language, Device and Operating System Detection

Contains functionality to query CPU information (cpuid)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Code function: 0_2_00470826 cpuid

0_2_00470826

Contains functionality to query locales information (e.g. system language)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: GetLocaleInfoW,GetNumberFormatW,	0_2_0046C093
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: EnumSystemLocalesW,	4_2_00007FF7E6D156C8
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	4_2_00007FF7E6D1D364
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: GetLocaleInfoEx,	4_2_00007FF7E6CF4504
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	4_2_00007FF7E6D1D188
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: EnumSystemLocalesW,	4_2_00007FF7E6D1CD4C
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: EnumSystemLocalesW,	4_2_00007FF7E6D1CC7C
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: GetLocaleInfoW,	4_2_00007FF7E6D15C64
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,	4_2_00007FF7E6D1C930

Queries information about the installed CPU (vendor, model number etc)

Source: C:\Users\user\Desktop\PostUpdate.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Code function: 0_2_0046F05C GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,GetLocalTime,_swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,

0_2_0046F05C

Source: C:\Users\user\Desktop\ProcessLasso.exe

4_2_00007FF7E6C168E0

Source: C:\Users\user\Desktop\ProcessLasso.exe

Code function: 4_2_00007FF7E6D19140 _get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,

4_2_00007FF7E6D19140

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Code function: 0_2_0045C365 GetVersionExW,

0_2_0045C365

Lowering of HIPS / PFW / Operating System Security Settings

AV process strings found (often used to terminate AV products)

Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: fsgk32st.exe
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: cmdagent.exe
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: cfp.exe
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: msmpeng.exe
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: avgcsrvx.exe
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: avkservice.exe
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: mcshield.exe
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: rtvscan.exe
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: fsav32.exe
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ashwebsv.exe
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: fsdfwd.exe
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vsmon.exe
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ashserv.exe
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ashmaisv.exe

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
18.238.49.4	dexeqbeb7giwr.cloudfront.net	United States	16509	AMAZON-02US	false
104.26.5.102	bitsum.com	United States	13335	CLOUDFLARENETUS	false
216.239.38.181	analytics-alv.google.com	United States	15169	GOOGLEUS	false
142.251.16.113	analytics.google.com	United States	15169	GOOGLEUS	false
142.251.111.104	www.google.com	United States	15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
142.251.111.154	stats.g.doubleclick.net	United States	15169	GOOGLEUS	false
44.229.0.33	unknown	United States	16509	AMAZON-02US	false
44.237.131.121	m.stripe.com	United States	16509	AMAZON-02US	false
192.0.76.3	stats.wp.com	United States	2635	AUTOMATTICUS	false
44.240.201.86	unknown	United States	16509	AMAZON-02US	false
151.101.128.176	stripecdn.map.fastly.net	United States	54113	FASTLYUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
198.202.176.81	stripe.com	United States	22182	AS22182US	false
151.101.64.176	unknown	United States	54113	FASTLYUS	false

Private

IP
192.168.2.4

Contacted Domains

Name	IP	Active
stats.wp.com	192.0.76.3	true
a.nel.cloudflare.com	35.190.80.1	true
stripecdn.map.fastly.net	151.101.128.176	true
stats.g.doubleclick.net	142.251.111.154	true
bitsum.com	104.26.5.102	true
analytics-alv.google.com	216.239.38.181	true
pixel.wp.com	192.0.76.3	true
m.stripe.com	44.237.131.121	true
stripe.com	198.202.176.81	true
dexeqbeb7giwr.cloudfront.net	18.238.49.4	true
lb.wordpress.com	192.0.78.12	true
www.google.com	142.251.111.104	true
analytics.google.com	142.251.16.113	true
m.stripe.network	unknown	unknown
js.stripe.com	unknown	unknown
v0.wordpress.com	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
https://analytics.google.com/g/collect?v=2&tid=G-ZV0D0J286B&gtm=45je4510v890333677za200&_p=1714912469117&gcd=13l3l3l3l1&npa=0&dma=0&gdid=dZGIzZG&cid=22835578.1714912397&ul=en-us&sr=1280x1024&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&pae=1&pscdl=noapi&_eu=Ag&_s=1&sid=1714912397&sct=1&seg=1&dl=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&dt=Get%20Process%20Lasso%20Pro&en=page_view&_ee=1&ep.forceSSL=true&ep.link_attribution=true&tfd=1535	false	high
https://bitsum.com/wp-content/plugins/google-analytics-premium/assets/js/frontend-gtag.min.js?ver=8.26.0	false	high
https://analytics.google.com/g/collect?v=2&tid=G-ZV0D0J286B&gtm=45je4510v890333677za200&_p=1714912497244&gcd=13l3l3l3l1&npa=0&dma=0&gdid=dZGIzZG&cid=22835578.1714912397&ul=en-us&sr=1280x1024&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&pae=1&pscdl=noapi&_eu=Ag&_s=3&sid=1714912397&sct=1&seg=1&dl=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&dt=Get%20Process%20Lasso%20Pro&en=view_item_list&_ee=1&pr1=pr4.95~lp1~id322~nmProcess%20Lasso%20Pro~capro%20version~va5&pr2=pr24.95~lp2~id322~nmProcess%20Lasso%20Pro~capro%20version~va4&pr3=pr39.95~lp3~id322~nmProcess%20Lasso%20Pro~capro%20version~va3&pr4=pr5.95~lp4~id853~nmProcess%20Lasso%20Pro%20Entire%20Home~caentire%20home~va4&pr5=pr36.95~lp5~id853~nmProcess%20Lasso%20Pro%20Entire%20Home~caentire%20home~va2&pr6=pr64.95~lp6~id853~nmProcess%20Lasso%20Pro%20Entire%20Home~caentire%20home~va3&ep.forceSSL=true&ep.link_attribution=true&_et=370&tfd=1814	false	high
https://bitsum.com/wp-content/plugins/tml-social/assets/styles/tml-social.min.css?ver=1.1	false	high
https://m.stripe.network/inner.html#url=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&title=Get%20Process%20Lasso%20Pro&referrer=&muid=NA&sid=NA&version=6&preview=false	false	high
https://bitsum.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0	false	high
https://bitsum.com/wp-content/plugins/theme-my-login/assets/scripts/theme-my-login.min.js?ver=7.1.7	false	high
https://analytics.google.com/g/collect?v=2&tid=G-ZV0D0J286B&gtm=45je4510v890333677za200&_p=1714912395180&gcd=13l3l3l3l1&npa=0&dma=0&gdid=dZGIzZG&cid=22835578.1714912397&ul=en-us&sr=1280x1024&are=1&pscdl=noapi&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&pae=1&_eu=AAg&_s=2&sid=1714912397&sct=1&seg=0&dl=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&dt=Get%20Process%20Lasso%20Pro&en=get_lasso_pro&ep.forceSSL=true&ep.link_attribution=true&_et=7&tfd=11487	false	high
https://analytics.google.com/g/collect?v=2&tid=G-ZV0D0J286B&gtm=45je4510v890333677za200&_p=1714912497244&gcd=13l3l3l3l1&npa=0&dma=0&gdid=dZGIzZG&cid=22835578.1714912397&ul=en-us&sr=1280x1024&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&pae=1&pscdl=noapi&_eu=Ag&_s=1&sid=1714912397&sct=1&seg=1&dl=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&dt=Get%20Process%20Lasso%20Pro&en=page_view&_ee=1&ep.forceSSL=true&ep.link_attribution=true&tfd=1433	false	high
https://analytics.google.com/g/collect?v=2&tid=G-ZV0D0J286B&gtm=45je4510v890333677za200&_p=1714912469117&gcd=13l3l3l3l1&npa=0&dma=0&gdid=dZGIzZG&cid=22835578.1714912397&ul=en-us&sr=1280x1024&are=1&pscdl=noapi&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&pae=1&_eu=AAg&_s=4&sid=1714912397&sct=1&seg=1&dl=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&dt=Get%20Process%20Lasso%20Pro&en=get_lasso_pro&ep.forceSSL=true&ep.link_attribution=true&_et=1&tfd=6702	false	high
https://bitsum.com/wp-content/plugins/edd-user-history/assets/js/tracking.js?ver=1.2.0	false	high
https://analytics.google.com/g/collect?v=2&tid=G-ZV0D0J286B&gtm=45je4510v890333677za200&_p=1714912432915&gcd=13l3l3l3l1&npa=0&dma=0&gdid=dZGIzZG&cid=22835578.1714912397&ul=en-us&sr=1280x1024&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&pae=1&pscdl=noapi&_eu=Ag&_s=3&sid=1714912397&sct=1&seg=1&dl=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&dt=Get%20Process%20Lasso%20Pro&en=view_item_list&_ee=1&pr1=pr4.95~lp1~id322~nmProcess%20Lasso%20Pro~capro%20version~va5&pr2=pr24.95~lp2~id322~nmProcess%20Lasso%20Pro~capro%20version~va4&pr3=pr39.95~lp3~id322~nmProcess%20Lasso%20Pro~capro%20version~va3&pr4=pr5.95~lp4~id853~nmProcess%20Lasso%20Pro%20Entire%20Home~caentire%20home~va4&pr5=pr36.95~lp5~id853~nmProcess%20Lasso%20Pro%20Entire%20Home~caentire%20home~va2&pr6=pr64.95~lp6~id853~nmProcess%20Lasso%20Pro%20Entire%20Home~caentire%20home~va3&ep.forceSSL=true&ep.link_attribution=true&_et=493&tfd=3036	false	high
https://analytics.google.com/g/collect?v=2&tid=G-ZV0D0J286B&gtm=45je4510v890333677za200&_p=1714912455338&gcd=13l3l3l3l1&npa=0&dma=0&gdid=dZGIzZG&cid=22835578.1714912397&ul=en-us&sr=1280x1024&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&pae=1&pscdl=noapi&_eu=Ag&_s=1&sid=1714912397&sct=1&seg=1&dl=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&dt=Get%20Process%20Lasso%20Pro&en=page_view&_ee=1&ep.forceSSL=true&ep.link_attribution=true&tfd=3034	false	high
https://analytics.google.com/g/collect?v=2&tid=G-ZV0D0J286B&gtm=45je4510v890333677za200&_p=1714912395180&gcd=13l3l3l3l1&npa=0&dma=0&gdid=dZGIzZG&cid=22835578.1714912397&ul=en-us&sr=1280x1024&are=1&pscdl=noapi&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&pae=1&_eu=AAg&_s=4&sid=1714912397&sct=1&seg=1&dl=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&dt=Get%20Process%20Lasso%20Pro&en=get_lasso_pro&ep.forceSSL=true&ep.link_attribution=true&_et=406&tfd=17495	false	high
https://pixel.wp.com/g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=3177&rand=0.6102218130973263	false	high
https://analytics.google.com/g/collect?v=2&tid=G-ZV0D0J286B&gtm=45je4510v890333677za200&_p=1714912476633&gcd=13l3l3l3l1&npa=0&dma=0&gdid=dZGIzZG&cid=22835578.1714912397&ul=en-us&sr=1280x1024&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&pae=1&pscdl=noapi&_eu=Ag&_s=1&sid=1714912397&sct=1&seg=1&dl=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&dt=Get%20Process%20Lasso%20Pro&en=page_view&_ee=1&ep.forceSSL=true&ep.link_attribution=true&tfd=2944	false	high
https://bitsum.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17	false	high
https://analytics.google.com/g/collect?v=2&tid=G-ZV0D0J286B&gtm=45je4510v890333677za200&_p=1714912476633&gcd=13l3l3l3l1&npa=0&dma=0&gdid=dZGIzZG&cid=22835578.1714912397&ul=en-us&sr=1280x1024&are=1&pscdl=noapi&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&pae=1&_eu=AAg&_s=4&sid=1714912397&sct=1&seg=1&dl=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&dt=Get%20Process%20Lasso%20Pro&en=get_lasso_pro&ep.forceSSL=true&ep.link_attribution=true&_et=3&tfd=9099	false	high
https://bitsum.com/wp-content/themes/meminz/skins/default/skin.css?ver=35eac6e98b37c7568cceeeeb456d12a3	false	high
https://pixel.wp.com/g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=3149&rand=0.33416128811766366	false	high
https://analytics.google.com/g/collect?v=2&tid=G-ZV0D0J286B&gtm=45je4510v890333677za200&_p=1714912432915&gcd=13l3l3l3l1&npa=0&dma=0&gdid=dZGIzZG&cid=22835578.1714912397&ul=en-us&sr=1280x1024&are=1&pscdl=noapi&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&pae=1&_eu=AAg&_s=4&sid=1714912397&sct=1&seg=1&dl=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&dt=Get%20Process%20Lasso%20Pro&en=get_lasso_pro&ep.forceSSL=true&ep.link_attribution=true&_et=2&tfd=8277	false	high
https://bitsum.com/js/anchor-offset.js?ver=2	false	high
https://analytics.google.com/g/collect?v=2&tid=G-ZV0D0J286B&gtm=45je4510v890333677za200&_p=1714912490931&gcd=13l3l3l3l1&npa=0&dma=0&gdid=dZGIzZG&cid=22835578.1714912397&ul=en-us&sr=1280x1024&are=1&pscdl=noapi&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&pae=1&_eu=AAg&_s=4&sid=1714912397&sct=1&seg=1&dl=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&dt=Get%20Process%20Lasso%20Pro&en=get_lasso_pro&ep.forceSSL=true&ep.link_attribution=true&_et=2&tfd=7111	false	high
https://bitsum.com/wp-content/themes/meminz/js/custom.js?ver=20231102	false	high
https://bitsum.com/wp-content/uploads/redux/custom-fonts/fonts.css?ver=1714912409	false	high
https://analytics.google.com/g/collect?v=2&tid=G-ZV0D0J286B&gtm=45je4510v890333677za200&_p=1714912455338&gcd=13l3l3l3l1&npa=0&dma=0&gdid=dZGIzZG&cid=22835578.1714912397&ul=en-us&sr=1280x1024&are=1&pscdl=noapi&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&pae=1&_eu=AAg&_s=4&sid=1714912397&sct=1&seg=1&dl=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&dt=Get%20Process%20Lasso%20Pro&en=get_lasso_pro&ep.forceSSL=true&ep.link_attribution=true&_et=2&tfd=11391	false	high
https://bitsum.com/wp-content/uploads/redux/custom-fonts/fonts.css?ver=1714912417	false	high
https://bitsum.com/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=7.6	false	high
https://analytics.google.com/g/collect?v=2&tid=G-ZV0D0J286B&gtm=45je4510v890333677za200&_p=1714912408856&gcd=13l3l3l3l1&npa=0&dma=0&gdid=dZGIzZG&cid=22835578.1714912397&ul=en-us&sr=1280x1024&are=1&pscdl=noapi&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&pae=1&_eu=AAg&_s=2&sid=1714912397&sct=1&seg=1&dl=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&dt=Get%20Process%20Lasso%20Pro&en=get_lasso_pro&ep.forceSSL=true&ep.link_attribution=true&_et=4&tfd=3207	false	high
https://bitsum.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/v4-shims.min.css?ver=7.6	false	high
https://pixel.wp.com/g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=0&rand=0.0645236413472281	false	high
https://analytics.google.com/g/collect?v=2&tid=G-ZV0D0J286B&gtm=45je4510v890333677za200&_p=1714912398937&gcd=13l3l3l3l1&npa=0&dma=0&gdid=dZGIzZG&cid=22835578.1714912397&ul=en-us&sr=1280x1024&are=1&pscdl=noapi&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&pae=1&_eu=AAg&_s=4&sid=1714912397&sct=1&seg=1&dl=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&dt=Get%20Process%20Lasso%20Pro&en=get_lasso_pro&ep.forceSSL=true&ep.link_attribution=true&_et=3&tfd=8985	false	high
https://bitsum.com/wp-content/uploads/redux/custom-fonts/fonts.css?ver=1714912426	false	high
https://analytics.google.com/g/collect?v=2&tid=G-ZV0D0J286B&gtm=45je4510v890333677za200&_p=1714912476633&gcd=13l3l3l3l1&npa=0&dma=0&gdid=dZGIzZG&cid=22835578.1714912397&ul=en-us&sr=1280x1024&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&pae=1&pscdl=noapi&_eu=Ag&_s=3&sid=1714912397&sct=1&seg=1&dl=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&dt=Get%20Process%20Lasso%20Pro&en=view_item_list&_ee=1&pr1=pr4.95~lp1~id322~nmProcess%20Lasso%20Pro~capro%20version~va5&pr2=pr24.95~lp2~id322~nmProcess%20Lasso%20Pro~capro%20version~va4&pr3=pr39.95~lp3~id322~nmProcess%20Lasso%20Pro~capro%20version~va3&pr4=pr5.95~lp4~id853~nmProcess%20Lasso%20Pro%20Entire%20Home~caentire%20home~va4&pr5=pr36.95~lp5~id853~nmProcess%20Lasso%20Pro%20Entire%20Home~caentire%20home~va2&pr6=pr64.95~lp6~id853~nmProcess%20Lasso%20Pro%20Entire%20Home~caentire%20home~va3&ep.forceSSL=true&ep.link_attribution=true&_et=202&tfd=3158	false	high

Privilege Escalation

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\testlasso.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\CPUEater.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\ThreadRacer.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\ProcessLassoLauncher.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: PostUpdate.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\TweakScheduler.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\vistammsc.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\InstallHelper.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\ProcessLasso.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\ProcessGovernor.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\Insights.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\LogViewer.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\plActivate.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\bitsumsessionagent.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\PostUpdate.exe	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	EXE: C:\Users\user\Desktop\QuickUpgrade.exe	Jump to behavior

Phishing

Form action URLs do not match main URL

Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Form action: https://wordpress.com/email-subscriptions bitsum wordpress
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Form action: https://wordpress.com/email-subscriptions bitsum wordpress
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Form action: https://wordpress.com/email-subscriptions bitsum wordpress
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Form action: https://wordpress.com/email-subscriptions bitsum wordpress
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Form action: https://wordpress.com/email-subscriptions bitsum wordpress
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Form action: https://wordpress.com/email-subscriptions bitsum wordpress
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Form action: https://wordpress.com/email-subscriptions bitsum wordpress
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Form action: https://wordpress.com/email-subscriptions bitsum wordpress
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Form action: https://wordpress.com/email-subscriptions bitsum wordpress
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Form action: https://wordpress.com/email-subscriptions bitsum wordpress
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Form action: https://wordpress.com/email-subscriptions bitsum wordpress

Found iframes

Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Iframe src: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html#url=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&title=Get%20Process%20Lasso%20Pro&referrer=&muid=NA&sid=NA&version=6&preview=false
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Iframe src: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html#url=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&title=Get%20Process%20Lasso%20Pro&referrer=&muid=NA&sid=NA&version=6&preview=false
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Iframe src: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html#url=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&title=Get%20Process%20Lasso%20Pro&referrer=&muid=NA&sid=NA&version=6&preview=false
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Iframe src: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html#url=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&title=Get%20Process%20Lasso%20Pro&referrer=&muid=NA&sid=NA&version=6&preview=false
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Iframe src: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html#url=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&title=Get%20Process%20Lasso%20Pro&referrer=&muid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9&sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65&version=6&preview=false
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Iframe src: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html#url=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&title=Get%20Process%20Lasso%20Pro&referrer=&muid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9&sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65&version=6&preview=false
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Iframe src: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html#url=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&title=Get%20Process%20Lasso%20Pro&referrer=&muid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9&sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65&version=6&preview=false
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Iframe src: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html#url=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&title=Get%20Process%20Lasso%20Pro&referrer=&muid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9&sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65&version=6&preview=false
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Iframe src: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html#url=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&title=Get%20Process%20Lasso%20Pro&referrer=&muid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9&sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65&version=6&preview=false
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Iframe src: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html#url=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&title=Get%20Process%20Lasso%20Pro&referrer=&muid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9&sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65&version=6&preview=false
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: Iframe src: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html#url=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&title=Get%20Process%20Lasso%20Pro&referrer=&muid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9&sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65&version=6&preview=false

HTML title does not match URL

Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1

HTTP Parser: Title: Get Process Lasso Pro does not match URL

Source: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html#url=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&title=Get%20Process%20Lasso%20Pro&referrer=&muid=NA&sid=NA&version=6&preview=false	HTTP Parser: No favicon
Source: https://m.stripe.network/inner.html#url=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&title=Get%20Process%20Lasso%20Pro&referrer=&muid=NA&sid=NA&version=6&preview=false	HTTP Parser: No favicon
Source: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html#url=https%3A%2F%2Fbitsum.com%2Fget-lasso-pro%2F%3Fdiscount%3DBITSUM25OFF%26inproductcoupon%3D1&title=Get%20Process%20Lasso%20Pro&referrer=&muid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9&sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65&version=6&preview=false	HTTP Parser: No favicon

Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="author".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="author".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="author".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="author".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="author".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="author".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="author".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="author".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="author".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="author".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="author".. found

Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="copyright".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="copyright".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="copyright".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="copyright".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="copyright".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="copyright".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="copyright".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="copyright".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="copyright".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="copyright".. found
Source: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	HTTP Parser: No <meta name="copyright".. found

Compliance

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\testlasso.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\CPUEater.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\ThreadRacer.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\ProcessLassoLauncher.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: PostUpdate.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\TweakScheduler.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\vistammsc.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\InstallHelper.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\ProcessLasso.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\ProcessGovernor.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\Insights.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\LogViewer.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\plActivate.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\bitsumsessionagent.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	EXE: C:\Users\user\Desktop\PostUpdate.exe	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	EXE: C:\Users\user\Desktop\QuickUpgrade.exe	Jump to behavior

Uses 32bit PE files

Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Static PE information: certificate valid

Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49910 version: TLS 1.2

Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_korean.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000083A2000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_korean.dll.0.dr
Source:	Binary string: c:\pl\output\pl_rsrc_polish.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008574000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_polish.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\LogViewer.pdb source: LogViewer.exe.0.dr
Source:	Binary string: c:\pl\output\pl_rsrc_ptbr.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008748000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_ptbr.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_french.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007B26000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_french.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_bulgarian.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000072C5000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_bulgarian.dll.0.dr
Source:	Binary string: c:\pl\output\testlasso.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007116000.00000004.00000020.00020000.00000000.sdmp, testlasso.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_japanese.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000081B6000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_japanese.dll.0.dr
Source:	Binary string: c:\pl\output\PostUpdate.pdb source: PostUpdate.exe, 00000001.00000002.1688982027.00007FF6472C1000.00000002.00000001.01000000.00000009.sdmp, PostUpdate.exe, 00000001.00000000.1652854987.00007FF6472C1000.00000002.00000001.01000000.00000009.sdmp, PostUpdate.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_german.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007D10000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_german.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_chinese_traditional.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007661000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_chinese_traditional.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\QuickUpgrade.pdb$ source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, QuickUpgrade.exe.1.dr, QuickUpgrade.exe.Replacement.0.dr
Source:	Binary string: c:\pl\output\InstallHelper.pdbi source: InstallHelper.exe.0.dr
Source:	Binary string: c:\pl\output\PostUpdate.pdbZ source: PostUpdate.exe, 00000001.00000002.1688982027.00007FF6472C1000.00000002.00000001.01000000.00000009.sdmp, PostUpdate.exe, 00000001.00000000.1652854987.00007FF6472C1000.00000002.00000001.01000000.00000009.sdmp, PostUpdate.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\Insights.pdb source: Insights.exe.0.dr
Source:	Binary string: c:\pl\output\pl_rsrc_finnish.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000079F7000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_finnish.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_slovenian.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006B28000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_slovenian.dll.0.dr
Source:	Binary string: c:\pl\output\pl_rsrc_italian.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007F06000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_italian.dll.0.dr
Source:	Binary string: c:\pl\output\vistammsc.exe.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000726E000.00000004.00000020.00020000.00000000.sdmp, vistammsc.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_german.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007D10000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_german.dll.0.dr
Source:	Binary string: c:\pl\output\CPUEater.pdb` source: CPUEater.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\Insights.pdbd source: Insights.exe.0.dr
Source:	Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe
Source:	Binary string: c:\pl\output\pl_rsrc_russian.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000887A000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_russian.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_chinese.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000073BC000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_chinese.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\LogViewer.pdbJ source: LogViewer.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_french.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007B26000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_french.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_chinese.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000073BC000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_chinese.dll.0.dr
Source:	Binary string: c:\pl\output\ProcessLassoLauncher.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000070AC000.00000004.00000020.00020000.00000000.sdmp, ProcessLassoLauncher.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_slovenian.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006B28000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_slovenian.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\QuickUpgrade.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, QuickUpgrade.exe.1.dr, QuickUpgrade.exe.Replacement.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_bulgarian.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000072C5000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_bulgarian.dll.0.dr
Source:	Binary string: c:\pl\output\ProcessGovernor.pdbGCTL source: ProcessGovernor.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\x64\Release\bitsumsessionagent.pdb source: bitsumsessionagent.exe, 00000002.00000002.2879821342.00007FF7E99EB000.00000002.00000001.01000000.0000000C.sdmp, bitsumsessionagent.exe, 00000002.00000000.1663989043.00007FF7E99EB000.00000002.00000001.01000000.0000000C.sdmp, bitsumsessionagent.exe, 00000003.00000002.1688973134.00007FF7E99EB000.00000002.00000001.01000000.0000000C.sdmp, bitsumsessionagent.exe, 00000003.00000000.1680227560.00007FF7E99EB000.00000002.00000001.01000000.0000000C.sdmp, bitsumsessionagent.exe.0.dr
Source:	Binary string: c:\pl\output\pl_rsrc_finnish.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000079F7000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_finnish.dll.0.dr
Source:	Binary string: c:\pl\output\pl_rsrc_italian.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007F06000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_italian.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_chinese_traditional.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007661000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_chinese_traditional.dll.0.dr
Source:	Binary string: c:\pl\output\CPUEater.pdb source: CPUEater.exe.0.dr
Source:	Binary string: c:\pl\output\ProcessGovernor.pdb source: ProcessGovernor.exe.0.dr
Source:	Binary string: c:\pl\output\ThreadRacer.exe.pdbS source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007116000.00000004.00000020.00020000.00000000.sdmp, ThreadRacer.exe.0.dr
Source:	Binary string: c:\pl\output\pl_rsrc_russian.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000887A000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_russian.dll.0.dr
Source:	Binary string: c:\pl\output\InstallHelper.pdb source: InstallHelper.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_japanese.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000081B6000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_japanese.dll.0.dr
Source:	Binary string: c:\pl\output\vistammsc.exe.pdbY source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000726E000.00000004.00000020.00020000.00000000.sdmp, vistammsc.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_spanish.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006D11000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_spanish.dll.0.dr
Source:	Binary string: c:\pl\output\ThreadRacer.exe.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007116000.00000004.00000020.00020000.00000000.sdmp, ThreadRacer.exe.0.dr
Source:	Binary string: c:\pl\output\pl_rsrc_ptbr.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008748000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_ptbr.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\ProcessLasso.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp, ProcessLasso.exe, 00000004.00000000.1681252064.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe, 00000004.00000002.2882313735.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\plActivate.pdb source: plActivate.exe.0.dr

Spreading

Creates COM task schedule object (often to register a task for autostart)

Source: C:\Users\user\Desktop\PostUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_0045BA94 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,	0_2_0045BA94
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_0046D420 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,	0_2_0046D420
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472B6A84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	1_2_00007FF6472B6A84
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99E2048 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	2_2_00007FF7E99E2048
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CA21A0 DeleteFileW,DeleteFileW,RemoveDirectoryW,GetFileAttributesW,LoadStringW,LoadLibraryW,GetModuleHandleW,LoadStringW,MessageBoxW,FindFirstFileW,DeleteFileW,FindNextFileW,RemoveDirectoryW,GetFileAttributesW,	4_2_00007FF7E6CA21A0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CA1C60 FindFirstFileW,GetFileAttributesW,FindNextFileW,_invalid_parameter_noinfo,	4_2_00007FF7E6CA1C60

Networking

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 192.0.76.3 192.0.76.3
Source: Joe Sandbox View	IP Address: 192.0.76.3 192.0.76.3
Source: Joe Sandbox View	IP Address: 151.101.128.176 151.101.128.176

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Desktop\ProcessLasso.exe

Code function: 4_2_00007FF7E6CC46F0 InternetOpenUrlW,InternetCloseHandle,InternetReadFile,InternetCloseHandle,InternetCloseHandle,

4_2_00007FF7E6CC46F0

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=A2tp3zbaFOOWXvO&MD=VZaYXHLT HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-includes/css/dist/block-library/style.min.css?ver=35eac6e98b37c7568cceeeeb456d12a3 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=35eac6e98b37c7568cceeeeb456d12a3 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/easy-digital-downloads-pro/includes/blocks/assets/css/edd-blocks.css?ver=3.2.12 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/bitsum-wp//css/edd-supplemental-styles.css?ver=35eac6e98b37c7568cceeeeb456d12a3 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /v3/?ver=v3 HTTP/1.1Host: js.stripe.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/theme-my-login/assets/styles/theme-my-login.min.css?ver=7.1.7 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/nextgen-gallery/static/Lightbox/fancybox/jquery.fancybox-1.3.4.css?ver=3.59.2 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/easy-digital-downloads-pro/assets/css/edd.min.css?ver=3.2.12 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/edd-software-licensing/assets/css/edd-sl.css?ver=3.8.11 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/edd-multi-currency/assets/build/style-frontend.css?ver=1.1.1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/edd-recurring/assets/css/styles.css?ver=2.12.3 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/meminz/css/plugins.css?ver=20240503 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/meminz/style.css?ver=202306092 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/meminz/css/custom.css?ver=35eac6e98b37c7568cceeeeb456d12a3 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/meminz/skins/default/skin.css?ver=35eac6e98b37c7568cceeeeb456d12a3 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=7.6 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/tml-social/assets/styles/tml-social.min.css?ver=1.1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/jetpack/css/jetpack.css?ver=13.3.1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /?custom-css=c8bee26073 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; _ga_ZV0D0J286B=GS1.1.1714912397.1.0.1714912397.60.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/google-analytics-premium/assets/js/frontend-gtag.min.js?ver=8.26.0 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/jquery/jquery.min.js?ver=3.7.1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/nextgen-gallery/static/Legacy/ajax.min.js?ver=3.59.2 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/edd-user-history/assets/js/tracking.js?ver=1.2.0 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/edd-recurring/assets/js/edd-frontend-recurring.js?ver=2.12.3 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /js/anchor-offset.js?ver=2 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/redux/custom-fonts/fonts.css?ver=1714912395 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; _ga_ZV0D0J286B=GS1.1.1714912397.1.0.1714912397.60.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/v4-shims.min.css?ver=7.6 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; _ga_ZV0D0J286B=GS1.1.1714912397.1.0.1714912397.60.0.0
Source: global traffic	HTTP traffic detected: GET /?custom-css=c8bee26073 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; _ga_ZV0D0J286B=GS1.1.1714912397.1.0.1714912397.60.0.0
Source: global traffic	HTTP traffic detected: GET /v3/?ver=v3 HTTP/1.1Host: js.stripe.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "2692eab1e562bacee19ab5e8f3b0b448"If-Modified-Since: Sat, 04 May 2024 04:29:46 GMT
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/redux/custom-fonts/fonts.css?ver=1714912399 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; _ga_ZV0D0J286B=GS1.1.1714912397.1.0.1714912397.60.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/all.min.css?ver=7.6 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912399.58.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/theme-my-login/assets/scripts/theme-my-login.min.js?ver=7.1.7 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912399.58.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/nextgen-gallery/static/GalleryDisplay/common.js?ver=3.59.2 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912399.58.0.0; edduh_hash=4c798686f90c46ceff63ed3c997fa277
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/nextgen-gallery/static/Lightbox/lightbox_context.js?ver=3.59.2 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912399.58.0.0; edduh_hash=4c798686f90c46ceff63ed3c997fa277
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/nextgen-gallery/static/Lightbox/fancybox/jquery.easing-1.3.pack.js?ver=3.59.2 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912399.58.0.0; edduh_hash=4c798686f90c46ceff63ed3c997fa277
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/nextgen-gallery/static/Lightbox/fancybox/jquery.fancybox-1.3.4.pack.js?ver=3.59.2 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912399.58.0.0; edduh_hash=4c798686f90c46ceff63ed3c997fa277
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/nextgen-gallery/static/Lightbox/fancybox/nextgen_fancybox_init.js?ver=3.59.2 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912399.58.0.0; edduh_hash=4c798686f90c46ceff63ed3c997fa277
Source: global traffic	HTTP traffic detected: GET /e-202418.js HTTP/1.1Host: stats.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/easy-digital-downloads-pro/assets/js/edd-ajax.js?ver=3.2.12 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912399.58.0.0; edduh_hash=4c798686f90c46ceff63ed3c997fa277
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/meminz/fonts/fontawesome-webfont.woff2?v=4.5.0 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://bitsum.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://bitsum.com/wp-content/themes/meminz/css/plugins.css?ver=20240503Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912401.56.0.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/admin-ajax.php HTTP/1.1Host: bitsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912401.56.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/meminz/fonts/open-sans/opensans-regular-webfont.woff2 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://bitsum.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://bitsum.com/wp-content/themes/meminz/css/plugins.css?ver=20240503Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912401.56.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/js_composer/assets/lib/bower/font-awesome/webfonts/fa-solid-900.woff2 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://bitsum.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://bitsum.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/all.min.css?ver=7.6Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912401.56.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/js_composer/assets/lib/bower/font-awesome/webfonts/fa-brands-400.woff2 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://bitsum.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://bitsum.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/all.min.css?ver=7.6Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912401.56.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/meminz/img/pricing-line.png HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bitsum.com/wp-content/themes/meminz/style.css?ver=202306092Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912401.56.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/bitsum_logo_transparent.png HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912401.56.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/jetpack/_inc/build/widgets/eu-cookie-law/eu-cookie-law.min.js?ver=20180522 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=deleted
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=7.6 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912402.55.0.0
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/dist/vendor/wp-polyfill-inert.min.js?ver=3.1.2 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912402.55.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/meminz/img/pricing-line.png HTTP/1.1Host: bitsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912402.55.0.0
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.14.0 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912402.55.0.0
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912402.55.0.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/admin-ajax.php HTTP/1.1Host: bitsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912401.56.0.0
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/dist/dom-ready.min.js?ver=f77871ff7694fffea381 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912402.55.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/jetpack/_inc/blocks/subscriptions/view.js?minify=false&ver=13.3.1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912402.55.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=3994&rand=0.20887544996126906 HTTP/1.1Host: pixel.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html HTTP/1.1Host: js.stripe.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/edd-multi-currency/assets/build/frontend.js?ver=1.1.1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912402.55.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/meminz/js/plugins.js?ver=35eac6e98b37c7568cceeeeb456d12a3 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912402.55.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/meminz/js/custom.js?ver=20231102 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912402.55.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/30dayrefund-e1605890583229.png HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912402.55.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/bitsum_logo_transparent.png HTTP/1.1Host: bitsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912402.55.0.0
Source: global traffic	HTTP traffic detected: GET /get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912402.55.0.0
Source: global traffic	HTTP traffic detected: GET /v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js HTTP/1.1Host: js.stripe.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/30dayrefund-e1605890583229.png HTTP/1.1Host: bitsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912402.55.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=3994&rand=0.20887544996126906 HTTP/1.1Host: pixel.wp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/wp-emoji-release.min.js?ver=35eac6e98b37c7568cceeeeb456d12a3 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912402.55.0.0
Source: global traffic	HTTP traffic detected: GET /inner.html HTTP/1.1Host: m.stripe.networkConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://js.stripe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?custom-css=c8bee26073 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912402.55.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/redux/custom-fonts/fonts.css?ver=1714912409 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912408.49.0.0
Source: global traffic	HTTP traffic detected: GET /out-4.5.43.js HTTP/1.1Host: m.stripe.networkConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://m.stripe.network/inner.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=0&rand=0.5645082368297181 HTTP/1.1Host: pixel.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-admin/admin-ajax.php HTTP/1.1Host: bitsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912410.47.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/favicon.png HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912410.47.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=0&rand=0.0645236413472281 HTTP/1.1Host: pixel.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=0&rand=0.5645082368297181 HTTP/1.1Host: pixel.wp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/favicon.png HTTP/1.1Host: bitsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912410.47.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=0&rand=0.0645236413472281 HTTP/1.1Host: pixel.wp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912410.47.0.0
Source: global traffic	HTTP traffic detected: GET /?custom-css=c8bee26073 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912410.47.0.0; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/redux/custom-fonts/fonts.css?ver=1714912417 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912410.47.0.0; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=2c02c639-8c02-4f40-b937-fb8deabf55dbe8b7e5
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=2c02c639-8c02-4f40-b937-fb8deabf55dbe8b7e5
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=1943&rand=0.41106217824244795 HTTP/1.1Host: pixel.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=26977608-e902-49c7-890a-8cf5ab0f8f125bc0e7
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9; __Host-stripe.mkt.csrf=PUzP9V9PYTZLsnWHgYbYpvGCkVN0N1V1pTa7cD2y0qOiYfqKQIh1Ee7N0UkVJDXvuI70pThx5Q9PikWyJwZSZjw-AcAXe4aLRW0FK4DudC9ZBA7ZflSssWUgUx-lW2YO7y6yUYc7KA%3D%3D
Source: global traffic	HTTP traffic detected: GET /wp-admin/admin-ajax.php HTTP/1.1Host: bitsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912417.40.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=1943&rand=0.41106217824244795 HTTP/1.1Host: pixel.wp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=26977608-e902-49c7-890a-8cf5ab0f8f125bc0e7; cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9; __Host-stripe.mkt.csrf=PUzP9V9PYTZLsnWHgYbYpvGCkVN0N1V1pTa7cD2y0qOiYfqKQIh1Ee7N0UkVJDXvuI70pThx5Q9PikWyJwZSZjw-AcAXe4aLRW0FK4DudC9ZBA7ZflSssWUgUx-lW2YO7y6yUYc7KA%3D%3D
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=26977608-e902-49c7-890a-8cf5ab0f8f125bc0e7; cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9; __Host-stripe.mkt.csrf=PUzP9V9PYTZLsnWHgYbYpvGCkVN0N1V1pTa7cD2y0qOiYfqKQIh1Ee7N0UkVJDXvuI70pThx5Q9PikWyJwZSZjw-AcAXe4aLRW0FK4DudC9ZBA7ZflSssWUgUx-lW2YO7y6yUYc7KA%3D%3D
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=26977608-e902-49c7-890a-8cf5ab0f8f125bc0e7; cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9
Source: global traffic	HTTP traffic detected: GET /get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912417.40.0.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9; __Host-stripe.mkt.csrf=PUzP9V9PYTZLsnWHgYbYpvGCkVN0N1V1pTa7cD2y0qOiYfqKQIh1Ee7N0UkVJDXvuI70pThx5Q9PikWyJwZSZjw-AcAXe4aLRW0FK4DudC9ZBA7ZflSssWUgUx-lW2YO7y6yUYc7KA%3D%3D
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=26977608-e902-49c7-890a-8cf5ab0f8f125bc0e7; cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9
Source: global traffic	HTTP traffic detected: GET /?custom-css=c8bee26073 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912417.40.0.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9; __Host-stripe.mkt.csrf=PUzP9V9PYTZLsnWHgYbYpvGCkVN0N1V1pTa7cD2y0qOiYfqKQIh1Ee7N0UkVJDXvuI70pThx5Q9PikWyJwZSZjw-AcAXe4aLRW0FK4DudC9ZBA7ZflSssWUgUx-lW2YO7y6yUYc7KA%3D%3D
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/redux/custom-fonts/fonts.css?ver=1714912426 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912417.40.0.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9; __Host-stripe.mkt.csrf=PUzP9V9PYTZLsnWHgYbYpvGCkVN0N1V1pTa7cD2y0qOiYfqKQIh1Ee7N0UkVJDXvuI70pThx5Q9PikWyJwZSZjw-AcAXe4aLRW0FK4DudC9ZBA7ZflSssWUgUx-lW2YO7y6yUYc7KA%3D%3D
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=2309&rand=0.757336543097145 HTTP/1.1Host: pixel.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-admin/admin-ajax.php HTTP/1.1Host: bitsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912426.31.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=2309&rand=0.757336543097145 HTTP/1.1Host: pixel.wp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=26977608-e902-49c7-890a-8cf5ab0f8f125bc0e7; cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9; __Host-stripe.mkt.csrf=PUzP9V9PYTZLsnWHgYbYpvGCkVN0N1V1pTa7cD2y0qOiYfqKQIh1Ee7N0UkVJDXvuI70pThx5Q9PikWyJwZSZjw-AcAXe4aLRW0FK4DudC9ZBA7ZflSssWUgUx-lW2YO7y6yUYc7KA%3D%3D
Source: global traffic	HTTP traffic detected: GET /get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912426.31.0.0
Source: global traffic	HTTP traffic detected: GET /?custom-css=c8bee26073 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912426.31.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/redux/custom-fonts/fonts.css?ver=1714912432 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912426.31.0.0
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=A2tp3zbaFOOWXvO&MD=VZaYXHLT HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=3138&rand=0.2663419028316665 HTTP/1.1Host: pixel.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-admin/admin-ajax.php HTTP/1.1Host: bitsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912434.23.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=3138&rand=0.2663419028316665 HTTP/1.1Host: pixel.wp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=26977608-e902-49c7-890a-8cf5ab0f8f125bc0e7; cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9; __Host-stripe.mkt.csrf=PUzP9V9PYTZLsnWHgYbYpvGCkVN0N1V1pTa7cD2y0qOiYfqKQIh1Ee7N0UkVJDXvuI70pThx5Q9PikWyJwZSZjw-AcAXe4aLRW0FK4DudC9ZBA7ZflSssWUgUx-lW2YO7y6yUYc7KA%3D%3D
Source: global traffic	HTTP traffic detected: GET /get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912434.23.0.0
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=26977608-e902-49c7-890a-8cf5ab0f8f125bc0e7; cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9
Source: global traffic	HTTP traffic detected: GET /?custom-css=c8bee26073 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912434.23.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/redux/custom-fonts/fonts.css?ver=1714912440 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912434.23.0.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9; __Host-stripe.mkt.csrf=PUzP9V9PYTZLsnWHgYbYpvGCkVN0N1V1pTa7cD2y0qOiYfqKQIh1Ee7N0UkVJDXvuI70pThx5Q9PikWyJwZSZjw-AcAXe4aLRW0FK4DudC9ZBA7ZflSssWUgUx-lW2YO7y6yUYc7KA%3D%3D
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=3224&rand=0.7777739801533385 HTTP/1.1Host: pixel.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-admin/admin-ajax.php HTTP/1.1Host: bitsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912442.15.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=3224&rand=0.7777739801533385 HTTP/1.1Host: pixel.wp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=26977608-e902-49c7-890a-8cf5ab0f8f125bc0e7; cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9
Source: global traffic	HTTP traffic detected: GET /get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912442.15.0.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9; __Host-stripe.mkt.csrf=PUzP9V9PYTZLsnWHgYbYpvGCkVN0N1V1pTa7cD2y0qOiYfqKQIh1Ee7N0UkVJDXvuI70pThx5Q9PikWyJwZSZjw-AcAXe4aLRW0FK4DudC9ZBA7ZflSssWUgUx-lW2YO7y6yUYc7KA%3D%3D
Source: global traffic	HTTP traffic detected: GET /?custom-css=c8bee26073 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912442.15.0.0
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=26977608-e902-49c7-890a-8cf5ab0f8f125bc0e7; cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/redux/custom-fonts/fonts.css?ver=1714912447 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912442.15.0.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9; __Host-stripe.mkt.csrf=PUzP9V9PYTZLsnWHgYbYpvGCkVN0N1V1pTa7cD2y0qOiYfqKQIh1Ee7N0UkVJDXvuI70pThx5Q9PikWyJwZSZjw-AcAXe4aLRW0FK4DudC9ZBA7ZflSssWUgUx-lW2YO7y6yUYc7KA%3D%3D
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=1960&rand=0.9310427983388707 HTTP/1.1Host: pixel.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-admin/admin-ajax.php HTTP/1.1Host: bitsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912448.9.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=1960&rand=0.9310427983388707 HTTP/1.1Host: pixel.wp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=26977608-e902-49c7-890a-8cf5ab0f8f125bc0e7; cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9; __Host-stripe.mkt.csrf=PUzP9V9PYTZLsnWHgYbYpvGCkVN0N1V1pTa7cD2y0qOiYfqKQIh1Ee7N0UkVJDXvuI70pThx5Q9PikWyJwZSZjw-AcAXe4aLRW0FK4DudC9ZBA7ZflSssWUgUx-lW2YO7y6yUYc7KA%3D%3D
Source: global traffic	HTTP traffic detected: GET /get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912448.9.0.0
Source: global traffic	HTTP traffic detected: GET /?custom-css=c8bee26073 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912448.9.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/redux/custom-fonts/fonts.css?ver=1714912453 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912448.9.0.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/admin-ajax.php HTTP/1.1Host: bitsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912455.2.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=0&rand=0.607764172633884 HTTP/1.1Host: pixel.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=0&rand=0.607764172633884 HTTP/1.1Host: pixel.wp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=26977608-e902-49c7-890a-8cf5ab0f8f125bc0e7; cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9; __Host-stripe.mkt.csrf=PUzP9V9PYTZLsnWHgYbYpvGCkVN0N1V1pTa7cD2y0qOiYfqKQIh1Ee7N0UkVJDXvuI70pThx5Q9PikWyJwZSZjw-AcAXe4aLRW0FK4DudC9ZBA7ZflSssWUgUx-lW2YO7y6yUYc7KA%3D%3D
Source: global traffic	HTTP traffic detected: GET /get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912456.1.0.0
Source: global traffic	HTTP traffic detected: GET /?custom-css=c8bee26073 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912456.1.0.0
Source: global traffic	HTTP traffic detected: GET /v3/?ver=v3 HTTP/1.1Host: js.stripe.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "2692eab1e562bacee19ab5e8f3b0b448"If-Modified-Since: Sat, 04 May 2024 04:29:46 GMT
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/redux/custom-fonts/fonts.css?ver=1714912462 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912456.1.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=3177&rand=0.6102218130973263 HTTP/1.1Host: pixel.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=3177&rand=0.6102218130973263 HTTP/1.1Host: pixel.wp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-admin/admin-ajax.php HTTP/1.1Host: bitsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912463.60.0.0
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=26977608-e902-49c7-890a-8cf5ab0f8f125bc0e7; cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9; __Host-stripe.mkt.csrf=PUzP9V9PYTZLsnWHgYbYpvGCkVN0N1V1pTa7cD2y0qOiYfqKQIh1Ee7N0UkVJDXvuI70pThx5Q9PikWyJwZSZjw-AcAXe4aLRW0FK4DudC9ZBA7ZflSssWUgUx-lW2YO7y6yUYc7KA%3D%3D
Source: global traffic	HTTP traffic detected: GET /get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912463.60.0.0
Source: global traffic	HTTP traffic detected: GET /?custom-css=c8bee26073 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912463.60.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/redux/custom-fonts/fonts.css?ver=1714912469 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912463.60.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=1784&rand=0.7880681605956541 HTTP/1.1Host: pixel.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-admin/admin-ajax.php HTTP/1.1Host: bitsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912469.54.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=1784&rand=0.7880681605956541 HTTP/1.1Host: pixel.wp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=26977608-e902-49c7-890a-8cf5ab0f8f125bc0e7; cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9; __Host-stripe.mkt.csrf=PUzP9V9PYTZLsnWHgYbYpvGCkVN0N1V1pTa7cD2y0qOiYfqKQIh1Ee7N0UkVJDXvuI70pThx5Q9PikWyJwZSZjw-AcAXe4aLRW0FK4DudC9ZBA7ZflSssWUgUx-lW2YO7y6yUYc7KA%3D%3D
Source: global traffic	HTTP traffic detected: GET /get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912469.54.0.0
Source: global traffic	HTTP traffic detected: GET /?custom-css=c8bee26073 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912469.54.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/redux/custom-fonts/fonts.css?ver=1714912475 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912469.54.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=3149&rand=0.33416128811766366 HTTP/1.1Host: pixel.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-admin/admin-ajax.php HTTP/1.1Host: bitsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912477.46.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=3149&rand=0.33416128811766366 HTTP/1.1Host: pixel.wp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=26977608-e902-49c7-890a-8cf5ab0f8f125bc0e7; cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9
Source: global traffic	HTTP traffic detected: GET /get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912477.46.0.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9; __Host-stripe.mkt.csrf=PUzP9V9PYTZLsnWHgYbYpvGCkVN0N1V1pTa7cD2y0qOiYfqKQIh1Ee7N0UkVJDXvuI70pThx5Q9PikWyJwZSZjw-AcAXe4aLRW0FK4DudC9ZBA7ZflSssWUgUx-lW2YO7y6yUYc7KA%3D%3D
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=26977608-e902-49c7-890a-8cf5ab0f8f125bc0e7; cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9
Source: global traffic	HTTP traffic detected: GET /?custom-css=c8bee26073 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912477.46.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/redux/custom-fonts/fonts.css?ver=1714912483 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912477.46.0.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9; __Host-stripe.mkt.csrf=PUzP9V9PYTZLsnWHgYbYpvGCkVN0N1V1pTa7cD2y0qOiYfqKQIh1Ee7N0UkVJDXvuI70pThx5Q9PikWyJwZSZjw-AcAXe4aLRW0FK4DudC9ZBA7ZflSssWUgUx-lW2YO7y6yUYc7KA%3D%3D
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=4119&rand=0.6201211102575397 HTTP/1.1Host: pixel.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-admin/admin-ajax.php HTTP/1.1Host: bitsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912485.38.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=4119&rand=0.6201211102575397 HTTP/1.1Host: pixel.wp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=26977608-e902-49c7-890a-8cf5ab0f8f125bc0e7; cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9
Source: global traffic	HTTP traffic detected: GET /get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912485.38.0.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9; __Host-stripe.mkt.csrf=PUzP9V9PYTZLsnWHgYbYpvGCkVN0N1V1pTa7cD2y0qOiYfqKQIh1Ee7N0UkVJDXvuI70pThx5Q9PikWyJwZSZjw-AcAXe4aLRW0FK4DudC9ZBA7ZflSssWUgUx-lW2YO7y6yUYc7KA%3D%3D
Source: global traffic	HTTP traffic detected: GET /?custom-css=c8bee26073 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912485.38.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/redux/custom-fonts/fonts.css?ver=1714912491 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912485.38.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=1888&rand=0.7260079474896437 HTTP/1.1Host: pixel.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-admin/admin-ajax.php HTTP/1.1Host: bitsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912491.32.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=1888&rand=0.7260079474896437 HTTP/1.1Host: pixel.wp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=26977608-e902-49c7-890a-8cf5ab0f8f125bc0e7; cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9; __Host-stripe.mkt.csrf=PUzP9V9PYTZLsnWHgYbYpvGCkVN0N1V1pTa7cD2y0qOiYfqKQIh1Ee7N0UkVJDXvuI70pThx5Q9PikWyJwZSZjw-AcAXe4aLRW0FK4DudC9ZBA7ZflSssWUgUx-lW2YO7y6yUYc7KA%3D%3D
Source: global traffic	HTTP traffic detected: GET /get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912491.32.0.0
Source: global traffic	HTTP traffic detected: GET /?custom-css=c8bee26073 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912491.32.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/redux/custom-fonts/fonts.css?ver=1714912497 HTTP/1.1Host: bitsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912491.32.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=1781&rand=0.6508001778069497 HTTP/1.1Host: pixel.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bitsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-admin/admin-ajax.php HTTP/1.1Host: bitsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=906bgo51dgbvgft8vj85mdcsnr; _ga=GA1.1.22835578.1714912397; edduh_hash=4c798686f90c46ceff63ed3c997fa277; __stripe_mid=daa3cc52-2834-4ea1-a46c-57b7656cefb97902e9; __stripe_sid=ecf4ef75-365c-4793-b0e6-c944798758968a2a65; _ga_ZV0D0J286B=GS1.1.1714912397.1.1.1714912497.26.0.0
Source: global traffic	HTTP traffic detected: GET /g.gif?v=ext&blog=94535937&post=26649&tz=-4&srv=bitsum.com&j=1%3A13.3.1&host=bitsum.com&ref=&fcp=1781&rand=0.6508001778069497 HTTP/1.1Host: pixel.wp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6 HTTP/1.1Host: m.stripe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: m=26977608-e902-49c7-890a-8cf5ab0f8f125bc0e7; cid=20e0c4be-3e0c-4f7a-a701-c7c9489586b9

Source: chromecache_216.8.dr	String found in binary or memory: "https://www.facebook.com/StripeHQ", equals www.facebook.com (Facebook)
Source: chromecache_216.8.dr	String found in binary or memory: "https://www.linkedin.com/company/stripe/", equals www.linkedin.com (Linkedin)
Source: chromecache_195.8.dr	String found in binary or memory: return b}yC.K="internal.enableAutoEventOnTimer";var dc=ka(["data-gtm-yt-inspected-"]),AC=["www.youtube.com","www.youtube-nocookie.com"],BC,CC=!1; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: bitsum.com
Source: global traffic	DNS traffic detected: DNS query: js.stripe.com
Source: global traffic	DNS traffic detected: DNS query: stats.wp.com
Source: global traffic	DNS traffic detected: DNS query: v0.wordpress.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: analytics.google.com
Source: global traffic	DNS traffic detected: DNS query: stats.g.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: pixel.wp.com
Source: global traffic	DNS traffic detected: DNS query: m.stripe.network
Source: global traffic	DNS traffic detected: DNS query: m.stripe.com
Source: global traffic	DNS traffic detected: DNS query: stripe.com

Source: unknown

Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, QuickUpgrade.exe.1.dr, pl_rsrc_english.dll.0.dr, pl_rsrc_slovenian.dll.0.dr, InstallHelper.exe.0.dr, QuickUpgrade.exe.Replacement.0.dr, pl_rsrc_finnish.dll.0.dr, pl_rsrc_chinese_traditional.dll.0.dr, pl_rsrc_japanese.dll.0.dr, pl_rsrc_italian.dll.0.dr, pl_rsrc_spanish.dll.0.dr, CPUEater.exe.0.dr, Insights.exe.0.dr, pl_rsrc_russian.dll.0.dr, ProcessGovernor.exe.0.dr, pl_rsrc_polish.dll.0.dr, plActivate.exe.0.dr, pl_rsrc_french.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, QuickUpgrade.exe.1.dr, pl_rsrc_english.dll.0.dr, pl_rsrc_slovenian.dll.0.dr, InstallHelper.exe.0.dr, QuickUpgrade.exe.Replacement.0.dr, pl_rsrc_finnish.dll.0.dr, pl_rsrc_chinese_traditional.dll.0.dr, pl_rsrc_japanese.dll.0.dr, pl_rsrc_italian.dll.0.dr, pl_rsrc_spanish.dll.0.dr, CPUEater.exe.0.dr, Insights.exe.0.dr, pl_rsrc_russian.dll.0.dr, ProcessGovernor.exe.0.dr, pl_rsrc_polish.dll.0.dr, plActivate.exe.0.dr, pl_rsrc_french.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, QuickUpgrade.exe.1.dr, pl_rsrc_english.dll.0.dr, pl_rsrc_slovenian.dll.0.dr, InstallHelper.exe.0.dr, QuickUpgrade.exe.Replacement.0.dr, pl_rsrc_finnish.dll.0.dr, pl_rsrc_chinese_traditional.dll.0.dr, pl_rsrc_japanese.dll.0.dr, pl_rsrc_italian.dll.0.dr, pl_rsrc_spanish.dll.0.dr, CPUEater.exe.0.dr, Insights.exe.0.dr, pl_rsrc_russian.dll.0.dr, ProcessGovernor.exe.0.dr, pl_rsrc_polish.dll.0.dr, plActivate.exe.0.dr, pl_rsrc_french.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, QuickUpgrade.exe.1.dr, pl_rsrc_english.dll.0.dr, pl_rsrc_slovenian.dll.0.dr, InstallHelper.exe.0.dr, QuickUpgrade.exe.Replacement.0.dr, pl_rsrc_finnish.dll.0.dr, pl_rsrc_chinese_traditional.dll.0.dr, pl_rsrc_japanese.dll.0.dr, pl_rsrc_italian.dll.0.dr, pl_rsrc_spanish.dll.0.dr, CPUEater.exe.0.dr, Insights.exe.0.dr, pl_rsrc_russian.dll.0.dr, ProcessGovernor.exe.0.dr, pl_rsrc_polish.dll.0.dr, plActivate.exe.0.dr, pl_rsrc_french.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, QuickUpgrade.exe.1.dr, pl_rsrc_english.dll.0.dr, pl_rsrc_slovenian.dll.0.dr, InstallHelper.exe.0.dr, QuickUpgrade.exe.Replacement.0.dr, pl_rsrc_finnish.dll.0.dr, pl_rsrc_chinese_traditional.dll.0.dr, pl_rsrc_japanese.dll.0.dr, pl_rsrc_italian.dll.0.dr, pl_rsrc_spanish.dll.0.dr, CPUEater.exe.0.dr, Insights.exe.0.dr, pl_rsrc_russian.dll.0.dr, ProcessGovernor.exe.0.dr, pl_rsrc_polish.dll.0.dr, plActivate.exe.0.dr, pl_rsrc_french.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, QuickUpgrade.exe.1.dr, pl_rsrc_english.dll.0.dr, pl_rsrc_slovenian.dll.0.dr, InstallHelper.exe.0.dr, QuickUpgrade.exe.Replacement.0.dr, pl_rsrc_finnish.dll.0.dr, pl_rsrc_chinese_traditional.dll.0.dr, pl_rsrc_japanese.dll.0.dr, pl_rsrc_italian.dll.0.dr, pl_rsrc_spanish.dll.0.dr, CPUEater.exe.0.dr, Insights.exe.0.dr, pl_rsrc_russian.dll.0.dr, ProcessGovernor.exe.0.dr, pl_rsrc_polish.dll.0.dr, plActivate.exe.0.dr, pl_rsrc_french.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, QuickUpgrade.exe.1.dr, pl_rsrc_english.dll.0.dr, pl_rsrc_slovenian.dll.0.dr, InstallHelper.exe.0.dr, QuickUpgrade.exe.Replacement.0.dr, pl_rsrc_finnish.dll.0.dr, pl_rsrc_chinese_traditional.dll.0.dr, pl_rsrc_japanese.dll.0.dr, pl_rsrc_italian.dll.0.dr, pl_rsrc_spanish.dll.0.dr, CPUEater.exe.0.dr, Insights.exe.0.dr, pl_rsrc_russian.dll.0.dr, ProcessGovernor.exe.0.dr, pl_rsrc_polish.dll.0.dr, plActivate.exe.0.dr, pl_rsrc_french.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: PostUpdate.exe.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, QuickUpgrade.exe.1.dr, pl_rsrc_english.dll.0.dr, pl_rsrc_slovenian.dll.0.dr, InstallHelper.exe.0.dr, QuickUpgrade.exe.Replacement.0.dr, pl_rsrc_finnish.dll.0.dr, pl_rsrc_chinese_traditional.dll.0.dr, pl_rsrc_japanese.dll.0.dr, pl_rsrc_italian.dll.0.dr, pl_rsrc_spanish.dll.0.dr, CPUEater.exe.0.dr, Insights.exe.0.dr, pl_rsrc_russian.dll.0.dr, ProcessGovernor.exe.0.dr, pl_rsrc_polish.dll.0.dr, plActivate.exe.0.dr, pl_rsrc_french.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
Source: chromecache_254.8.dr	String found in binary or memory: http://daneden.me/animate
Source: chromecache_254.8.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_254.8.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_254.8.dr, chromecache_221.8.dr	String found in binary or memory: http://getbootstrap.com)
Source: chromecache_239.8.dr, chromecache_258.8.dr	String found in binary or memory: http://go.wpbakery.com/licensing
Source: chromecache_221.8.dr	String found in binary or memory: http://gsgd.co.uk/sandbox/jquery/easing/
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, QuickUpgrade.exe.1.dr, pl_rsrc_english.dll.0.dr, pl_rsrc_slovenian.dll.0.dr, InstallHelper.exe.0.dr, QuickUpgrade.exe.Replacement.0.dr, pl_rsrc_finnish.dll.0.dr, pl_rsrc_chinese_traditional.dll.0.dr, pl_rsrc_japanese.dll.0.dr, pl_rsrc_italian.dll.0.dr, pl_rsrc_spanish.dll.0.dr, CPUEater.exe.0.dr, Insights.exe.0.dr, pl_rsrc_russian.dll.0.dr, ProcessGovernor.exe.0.dr, pl_rsrc_polish.dll.0.dr, plActivate.exe.0.dr, pl_rsrc_french.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, QuickUpgrade.exe.1.dr, pl_rsrc_english.dll.0.dr, pl_rsrc_slovenian.dll.0.dr, InstallHelper.exe.0.dr, QuickUpgrade.exe.Replacement.0.dr, pl_rsrc_finnish.dll.0.dr, pl_rsrc_chinese_traditional.dll.0.dr, pl_rsrc_japanese.dll.0.dr, pl_rsrc_italian.dll.0.dr, pl_rsrc_spanish.dll.0.dr, CPUEater.exe.0.dr, Insights.exe.0.dr, pl_rsrc_russian.dll.0.dr, ProcessGovernor.exe.0.dr, pl_rsrc_polish.dll.0.dr, plActivate.exe.0.dr, pl_rsrc_french.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, QuickUpgrade.exe.1.dr, pl_rsrc_english.dll.0.dr, pl_rsrc_slovenian.dll.0.dr, InstallHelper.exe.0.dr, QuickUpgrade.exe.Replacement.0.dr, pl_rsrc_finnish.dll.0.dr, pl_rsrc_chinese_traditional.dll.0.dr, pl_rsrc_japanese.dll.0.dr, pl_rsrc_italian.dll.0.dr, pl_rsrc_spanish.dll.0.dr, CPUEater.exe.0.dr, Insights.exe.0.dr, pl_rsrc_russian.dll.0.dr, ProcessGovernor.exe.0.dr, pl_rsrc_polish.dll.0.dr, plActivate.exe.0.dr, pl_rsrc_french.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, QuickUpgrade.exe.1.dr, pl_rsrc_english.dll.0.dr, pl_rsrc_slovenian.dll.0.dr, InstallHelper.exe.0.dr, QuickUpgrade.exe.Replacement.0.dr, pl_rsrc_finnish.dll.0.dr, pl_rsrc_chinese_traditional.dll.0.dr, pl_rsrc_japanese.dll.0.dr, pl_rsrc_italian.dll.0.dr, pl_rsrc_spanish.dll.0.dr, CPUEater.exe.0.dr, Insights.exe.0.dr, pl_rsrc_russian.dll.0.dr, ProcessGovernor.exe.0.dr, pl_rsrc_polish.dll.0.dr, plActivate.exe.0.dr, pl_rsrc_french.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: chromecache_221.8.dr	String found in binary or memory: http://pupunzi.open-lab.com
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, QuickUpgrade.exe.1.dr, pl_rsrc_english.dll.0.dr, pl_rsrc_slovenian.dll.0.dr, InstallHelper.exe.0.dr, QuickUpgrade.exe.Replacement.0.dr, pl_rsrc_finnish.dll.0.dr, pl_rsrc_chinese_traditional.dll.0.dr, pl_rsrc_japanese.dll.0.dr, pl_rsrc_italian.dll.0.dr, pl_rsrc_spanish.dll.0.dr, CPUEater.exe.0.dr, Insights.exe.0.dr, pl_rsrc_russian.dll.0.dr, ProcessGovernor.exe.0.dr, pl_rsrc_polish.dll.0.dr, plActivate.exe.0.dr, pl_rsrc_french.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: chromecache_221.8.dr	String found in binary or memory: http://www.gmarwaha.com/jquery/jcarousellite/
Source: chromecache_221.8.dr	String found in binary or memory: http://www.gnu.org/licenses/gpl.html
Source: chromecache_221.8.dr	String found in binary or memory: http://www.ianlunn.co.uk/
Source: chromecache_221.8.dr	String found in binary or memory: http://www.ianlunn.co.uk/plugins/jquery-parallax/
Source: chromecache_221.8.dr	String found in binary or memory: http://www.mattvarone.com/web-design/uitotop-jquery-plugin
Source: chromecache_221.8.dr	String found in binary or memory: http://www.no-margin-for-errors.com)
Source: chromecache_221.8.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: chromecache_221.8.dr	String found in binary or memory: http://www.owlgraphic.com/owlcarousel/
Source: pl_rsrc_chinese_traditional.dll.0.dr	String found in binary or memory: https://Bitsum.com
Source: ProcessLasso.exe	String found in binary or memory: https://activate.bitsum.com/?
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, QuickUpgrade.exe.1.dr, QuickUpgrade.exe.Replacement.0.dr, plActivate.exe.0.dr	String found in binary or memory: https://activate.bitsum.com/?Process
Source: ProcessLasso.exe	String found in binary or memory: https://activate.bitsum.com/check.php
Source: chromecache_195.8.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: chromecache_195.8.dr	String found in binary or memory: https://adservice.googlesyndication.com/pagead/regclk
Source: chromecache_216.8.dr	String found in binary or memory: https://assets.ctfassets.net
Source: chromecache_216.8.dr	String found in binary or memory: https://assets.ctfassets.net/fzn2n1nzq965/01hMKr6nEEGVfOuhsaMIXQ/c424849423b5f036a8892afa09ac38c7/fa
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/1a930247.woff2)
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/AnimatedCodeEditor-86776e0635434fc49715.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/AnimatedIcon-0b7478e1f9234aae8838.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/AtlasDashboardGraphic-042f01c5c5f7a5d7ca1a.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/BackgroundGlobe-64953aedea5f231d07b7.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/Bootstrapper-5KGKLV5W.js
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/BrandModal-77aed9e8900fc44f1554.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/BrandModalGraphic-e9e1fc8f4c2bf8a9bd44.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/CardField-739e285edeecea986ed0.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/CaseStudyCard-60f3f5412530e6e993e8.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/CheckoutFormGraphic-b2509d821651cbc82709.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/CodeEditor-6eacb8e42c7465ddd557.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/CodeEditorAsciiLoader-c1a350cb85f7a989f599.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/CodeEditorAutocomplete-dc62d89d9e2121e48baf.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/CodeEditorCursor-517911b19e66c94dafbb.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/CodeEditorLineNumbers-0eded1c84476ec649145.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/CodeEditorStatusBar-24c7c84123b2b6e4f091.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/CodeSyntax-e0768ef33503219c518d.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/CodeTerminal-ca23848effb056969042.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/CopyTitle-c641e014b3946628bc95.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/CustomersCaseStudyCardBackground-853f685776c80eaa0089
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/CustomersCaseStudyCardOverlay-09e527d11b6471566771.cs
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/CustomersCaseStudyCarousel-6ad3f0dce85838a77d8b.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/CustomersCaseStudyCarouselNavGroup-41fa77c08914b1b778
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/CustomersCaseStudyCarouselNavItem-fd5a8f8fac232f661b3
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/CustomersCaseStudyCarouselNavTrack-1380f9c2e275695c5e
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/DevelopersCodeEditor-eadbd8bbcdedd8edbbe3.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/DomGraphic-5a317684eb2b9d1f76d2.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/EnterpriseCarouselAside-b05102a0b81de0c11406.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/Field-ea906aa31d4012757deb.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/Flag-0530f6f8a0ae1e011860.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/Form-401d42df82b6e8482f06.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/Frontdoor-4513faa7ba2dd8949ee2.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorBillingAnimation-fa25c03988d3d1f36a35.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorBillingGraphic-c9e3aeda05ab14a454b1.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorBillingGraphicLogo-2cee099c6b840fb58d86.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorBillingGraphicTier-4d3b73ee5f599b93aa50.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorConnectAnimation-f4ce77b995975fa55335.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorConnectFlowDiagram-bcf0320e44c152e1ca03.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorConnectFlowDiagramOrderNotification-b0f6b26d
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorConnection-192c60d5ff4ac27dec4f.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorGraphic-ab42746a2bb65d850037.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorGraphicImage-ff4d221174ca6cab4402.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorGraphicOutline-cbb29a27650befdb3913.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorIcon-f22f360dadf72ca61a47.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorIconGrid-f5ddeb3e7d94044a9646.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorIconOutline-2c0929473dcd28db2e99.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorIssuingAnimation-ba03e22ccfea12d68c6c.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorIssuingCard-b80b51aa94acdc8a688e.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorPaymentsAnimation-71bdbfda51a40294b593.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorPaymentsGraphic-45fe2caceea82c749c40.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorStandaloneAnimation-5aefb3912ae346b5293e.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorStickyAnimation-4ea4d6a5e9b414987337.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorSubanimation-b9163916332f2a67d464.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorSuiteAnimation-683958a93f82ca151ea7.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/Global-f1eeffae1de3242fcca9.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/GlobalizationPicker-cb59e0de1d5c3aeaa184.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/Globe-b2159f87180df559d2e8.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/GradientLegend-f1cabc70fbf82f3e9c05.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/GraphicForm-7d75b8ba72e0304da82c.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/GraphicFormField-33f78921d62dc714d424.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/GraphicFormFieldInput-3d704dfad5ff81d0e80b.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/GraphicFormFieldInputGrid-281fa6a92c2e3caa14c9.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/GraphicFormFieldList-5317148749a9268ec04d.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/GridLayout-0b90e779a89c0243e739.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/HorizontalOverflowContainer-0b85e8f46a0db21a6ef9.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/Icon-646136cd9e336d8c18d7.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/InvoicingFeatureGraphic-db95f6cbfa638cca151e.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/List-d4c6ad06c173a7dca2ed.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/LocaleControl-09ce62c550a15bb456e5.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/LowCodeNoCode-de32a3423ce25c839d82.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/MobileStickyNav-e95ca4c4af5266ca01f2.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/MobileStickyNavControl-1518a74559667e928374.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/PaymentLinksFeatureGraphic-6c9382201d4ede7c851a.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/Picture-3f0067e6b392244c9bda.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/ProductBadge-aa2497ab8abdcc6a3d34.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/ProductFeatureCard-4476eb8c383446c052aa.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/ProductListing-3e17d7acee941b127dd1.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/RowLayout-9272a8ee72d3dac4a6ef.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/SiteFooterSection-1c0a8e1d30b69be4ef69.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/SiteFooterSectionSupportLinkList-US-bf39e598e6b8dad8c
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/StartUp-889f28d89767c8a9d60f.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/Stripe-b3679504f08482f96a0d.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/StripeProductUsed-448c2bc0913c408517f4.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/StripeProductUsedList-4a8c16b5e5f3fa51247d.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/StripeSet-423109ad4bf57a2a011c.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/Track-2f2fce741fc3d8fc8450.css
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/ac6713d5.woff)
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/f965fdf4.woff2
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/f965fdf4.woff2)
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/imt-38da0d78a50596ad541ad6654b46af9a.js
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/mkt-statics-srv/assets/store-936f0d847a16164e7f6b15d74659c4a9.html
Source: chromecache_216.8.dr	String found in binary or memory: https://b.stripecdn.com/stripethirdparty-srv/assets/
Source: pl_rsrc_german.dll.0.dr	String found in binary or memory: https://bitsum.com
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007B26000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_finnish.dll.0.dr	String found in binary or memory: https://bitsum.com-sivusto.
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007B26000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_finnish.dll.0.dr	String found in binary or memory: https://bitsum.com-sivustolta.
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006D11000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007F06000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008748000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006B28000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_slovenian.dll.0.dr, pl_rsrc_russian.dll.0.dr, pl_rsrc_polish.dll.0.dr, pl_rsrc_german.dll.0.dr	String found in binary or memory: https://bitsum.com.
Source: pl_rsrc_russian.dll.0.dr, pl_rsrc_polish.dll.0.dr, pl_rsrc_french.dll.0.dr, pl_rsrc_bulgarian.dll.0.dr, pl_rsrc_german.dll.0.dr	String found in binary or memory: https://bitsum.com/
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, TweakScheduler.exe.0.dr	String found in binary or memory: https://bitsum.com/%xtweakscheduler.exelassopecparkbitsumalaInstallerLanguageDWORDBitsumSOFTWARE
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000887A000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_ptbr.dll.0.dr	String found in binary or memory: https://bitsum.com/1A
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000083A2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000079F7000.00000004.00000020.00020000.00000000.sdmp, PostUpdate.exe, 00000001.00000002.1688555797.00000277D90FF000.00000002.00000001.01000000.0000000A.sdmp, ProcessLasso.exe, 00000004.00000002.2880201261.000002A8B45DF000.00000002.00000001.01000000.0000000A.sdmp, pl_rsrc_english.dll.0.dr, pl_rsrc_japanese.dll.0.dr	String found in binary or memory: https://bitsum.com/3Current
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000073BC000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_bulgarian.dll.0.dr	String found in binary or memory: https://bitsum.com/4
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007D10000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_french.dll.0.dr	String found in binary or memory: https://bitsum.com/4Version
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007F06000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_german.dll.0.dr	String found in binary or memory: https://bitsum.com/7Aktuelle
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000081B6000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_italian.dll.0.dr	String found in binary or memory: https://bitsum.com/9La
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_spanish.dll.0.dr	String found in binary or memory: https://bitsum.com/:La
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008748000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_polish.dll.0.dr	String found in binary or memory: https://bitsum.com/=Wersja
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, QuickUpgrade.exe.1.dr, QuickUpgrade.exe.Replacement.0.dr	String found in binary or memory: https://bitsum.com/?prod=pl&update_error_sigError
Source: ProcessLasso.exe	String found in binary or memory: https://bitsum.com/apps/coredirector
Source: LogViewer.exe.0.dr	String found in binary or memory: https://bitsum.com/bad
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000083A2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007B26000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006D11000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007661000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007829000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000073BC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007D10000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000079F7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000081B6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008574000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000887A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008748000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006B28000.00000004.00000020.00020000.00000000.sdmp, PostUpdate.exe, 00000001.00000002.1688555797.00000277D90FF000.00000002.00000001.01000000.0000000A.sdmp, ProcessLasso.exe, 00000004.00000002.2880201261.000002A8B45DF000.00000002.00000001.01000000.0000000A.sdmp, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, pl_rsrc_english.dll.0.dr, pl_rsrc_slovenian.dll.0.dr	String found in binary or memory: https://bitsum.com/changelog/pl/changes.htm#latest?inproduct
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007F06000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_german.dll.0.dr	String found in binary or memory: https://bitsum.com/changelog/pl/changes.htm#latest?inproduct(Virtuelle
Source: ProcessLasso.exe	String found in binary or memory: https://bitsum.com/changes/processlasso/
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, TweakScheduler.exe.0.dr	String found in binary or memory: https://bitsum.com/check.phphttps://activate.bitsum.com/check.phpCHECK_OKUNSPECIFIEDstring
Source: Insights.exe.0.dr	String found in binary or memory: https://bitsum.com/cpubalance/%dProBalanceProBalanceToday%s
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000083A2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007B26000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006D11000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007661000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007829000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000073BC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007D10000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007F06000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000079F7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000081B6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008574000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000887A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008748000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006B28000.00000004.00000020.00020000.00000000.sdmp, PostUpdate.exe, 00000001.00000002.1688555797.00000277D90FF000.00000002.00000001.01000000.0000000A.sdmp, ProcessLasso.exe, 00000004.00000002.2880201261.000002A8B45DF000.00000002.00000001.01000000.0000000A.sdmp, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, pl_rsrc_english.dll.0.dr	String found in binary or memory: https://bitsum.com/docs/pl
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B26CE000.00000004.00000020.00020000.00000000.sdmp, ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B26CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1&
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B26CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=16F8
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=17
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B26DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1CC
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B26DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1G
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B26CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1K
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B26DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1M
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1ay
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B26CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1d
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B26DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1h
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B26DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1r
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp, ProcessLasso.exe, 00000004.00000000.1681252064.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe, 00000004.00000002.2882313735.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe.0.dr	String found in binary or memory: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1s
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1y
Source: ProcessLasso.exe	String found in binary or memory: https://bitsum.com/get-process-lasso-server-edition/
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, TweakScheduler.exe.0.dr	String found in binary or memory: https://bitsum.com/get-process-lasso-server-edition/-https://activate.bitsum.com/?Process
Source: Insights.exe.0.dr	String found in binary or memory: https://bitsum.com/get-process-lasso-server-edition/https://activate.bitsum.com/?Process
Source: ProcessLasso.exe	String found in binary or memory: https://bitsum.com/keep-running-gaas-info
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp, ProcessLasso.exe, 00000004.00000000.1681252064.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe, 00000004.00000002.2882313735.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe.0.dr	String found in binary or memory: https://bitsum.com/keep-running-gaas-infoGlobal
Source: ProcessGovernor.exe.0.dr	String found in binary or memory: https://bitsum.com/minidumps
Source: ProcessLasso.exe	String found in binary or memory: https://bitsum.com/minidumps/
Source: pl_rsrc_german.dll.0.dr	String found in binary or memory: https://bitsum.com/minidumps/.
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000732C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000842B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000085F9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000069D9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000087E9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008257000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007A96000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007C7F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000076E1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006BC2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007E76000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000078AA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006DB2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000751A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008067000.00000004.00000020.00020000.00000000.sdmp, PostUpdate.exe, 00000001.00000002.1688555797.00000277D9071000.00000002.00000001.01000000.0000000A.sdmp, ProcessLasso.exe, 00000004.00000002.2880201261.000002A8B4551000.00000002.00000001.01000000.0000000A.sdmp, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, pl_rsrc_english.dll.0.dr	String found in binary or memory: https://bitsum.com/parkcontrol/
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp, ProcessLasso.exe, ProcessLasso.exe, 00000004.00000000.1681252064.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe, 00000004.00000002.2882313735.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe.0.dr	String found in binary or memory: https://bitsum.com/parkcontrol/?inproduct
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000083A2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006D11000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007661000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007829000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007F06000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008574000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, pl_rsrc_slovenian.dll.0.dr, pl_rsrc_chinese_traditional.dll.0.dr, pl_rsrc_japanese.dll.0.dr, pl_rsrc_german.dll.0.dr	String found in binary or memory: https://bitsum.com/pl_last_w2k.php?inproduct
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007B26000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_finnish.dll.0.dr	String found in binary or memory: https://bitsum.com/pl_last_w2k.php?inproduct0VIRHE
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000079F7000.00000004.00000020.00020000.00000000.sdmp, PostUpdate.exe, 00000001.00000002.1688555797.00000277D90FF000.00000002.00000001.01000000.0000000A.sdmp, ProcessLasso.exe, 00000004.00000002.2880201261.000002A8B45DF000.00000002.00000001.01000000.0000000A.sdmp, pl_rsrc_english.dll.0.dr	String found in binary or memory: https://bitsum.com/pl_last_w2k.php?inproduct6ERROR
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000081B6000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_italian.dll.0.dr	String found in binary or memory: https://bitsum.com/pl_last_w2k.php?inproduct:ERRORE
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007D10000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_french.dll.0.dr	String found in binary or memory: https://bitsum.com/pl_last_w2k.php?inproductCERREUR
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000073BC000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_bulgarian.dll.0.dr	String found in binary or memory: https://bitsum.com/pl_last_w2k.php?inproductE
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000887A000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_ptbr.dll.0.dr	String found in binary or memory: https://bitsum.com/pl_last_w2k.php?inproductFERRO
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_spanish.dll.0.dr	String found in binary or memory: https://bitsum.com/pl_last_w2k.php?inproductFERROR
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006B28000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_russian.dll.0.dr	String found in binary or memory: https://bitsum.com/pl_last_w2k.php?inproductH
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008748000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_polish.dll.0.dr	String found in binary or memory: https://bitsum.com/pl_last_w2k.php?inproductIBA
Source: Insights.exe.0.dr	String found in binary or memory: https://bitsum.com/portfolio/cpubalance/FThttps://bitsum.com/members/purchase-history/14.0.2.12
Source: ProcessLasso.exe	String found in binary or memory: https://bitsum.com/processlasso-docs/#processmatch
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp, ProcessLasso.exe, 00000004.00000000.1681252064.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe, 00000004.00000002.2882313735.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe.0.dr	String found in binary or memory: https://bitsum.com/processlasso-docs/#processmatch;
Source: Insights.exe.0.dr	String found in binary or memory: https://bitsum.com/processlasso-docs/#processmatchhttps://activate.bitsum.com/check.phpCHECK_OKarbgc
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000732C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000842B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000085F9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000069D9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000087E9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008257000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007A96000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007C7F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000076E1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006BC2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007E76000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000078AA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006DB2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000751A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008067000.00000004.00000020.00020000.00000000.sdmp, PostUpdate.exe, 00000001.00000002.1688555797.00000277D9071000.00000002.00000001.01000000.0000000A.sdmp, ProcessLasso.exe, ProcessLasso.exe, 00000004.00000002.2880201261.000002A8B4551000.00000002.00000001.01000000.0000000A.sdmp, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr	String found in binary or memory: https://bitsum.com/processlasso/
Source: pl_rsrc_russian.dll.0.dr, pl_rsrc_polish.dll.0.dr, pl_rsrc_french.dll.0.dr, pl_rsrc_bulgarian.dll.0.dr, pl_rsrc_german.dll.0.dr	String found in binary or memory: https://bitsum.com/processlasso/?inproduct
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_spanish.dll.0.dr	String found in binary or memory: https://bitsum.com/processlasso/?inproduct1Quedan
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006D11000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_slovenian.dll.0.dr	String found in binary or memory: https://bitsum.com/processlasso/?inproduct2Za
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000887A000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_ptbr.dll.0.dr	String found in binary or memory: https://bitsum.com/processlasso/?inproduct7H
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007B26000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_finnish.dll.0.dr	String found in binary or memory: https://bitsum.com/processlasso/?inproduct7Process
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008748000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_polish.dll.0.dr	String found in binary or memory: https://bitsum.com/processlasso/?inproduct8PozostaB
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007F06000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_german.dll.0.dr	String found in binary or memory: https://bitsum.com/processlasso/?inproduct:Es
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007D10000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_french.dll.0.dr	String found in binary or memory: https://bitsum.com/processlasso/?inproduct:Il
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000079F7000.00000004.00000020.00020000.00000000.sdmp, PostUpdate.exe, 00000001.00000002.1688555797.00000277D90FF000.00000002.00000001.01000000.0000000A.sdmp, ProcessLasso.exe, 00000004.00000002.2880201261.000002A8B45DF000.00000002.00000001.01000000.0000000A.sdmp, pl_rsrc_english.dll.0.dr	String found in binary or memory: https://bitsum.com/processlasso/?inproduct;There
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000073BC000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_bulgarian.dll.0.dr	String found in binary or memory: https://bitsum.com/processlasso/?inproduct?
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp, ProcessLasso.exe, 00000004.00000000.1681252064.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe, 00000004.00000002.2882313735.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe.0.dr	String found in binary or memory: https://bitsum.com/processlasso/Explorer-Process
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000083A2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007B26000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006D11000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007661000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007829000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000073BC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007D10000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007F06000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000079F7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000081B6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008574000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000887A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008748000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006B28000.00000004.00000020.00020000.00000000.sdmp, PostUpdate.exe, 00000001.00000002.1688555797.00000277D90FF000.00000002.00000001.01000000.0000000A.sdmp, ProcessLasso.exe, 00000004.00000002.2880201261.000002A8B45DF000.00000002.00000001.01000000.0000000A.sdmp, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, pl_rsrc_english.dll.0.dr	String found in binary or memory: https://bitsum.com/processlasso/purchase/?inproduct
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000083A2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007B26000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006D11000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007661000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007829000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000073BC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007D10000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007F06000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000079F7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000081B6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008574000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000887A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008748000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006B28000.00000004.00000020.00020000.00000000.sdmp, PostUpdate.exe, 00000001.00000002.1688555797.00000277D90FF000.00000002.00000001.01000000.0000000A.sdmp, ProcessLasso.exe, 00000004.00000002.2880201261.000002A8B45DF000.00000002.00000001.01000000.0000000A.sdmp, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, pl_rsrc_english.dll.0.dr	String found in binary or memory: https://bitsum.com/processlasso/purchase/commercial/?inproduct1https://bitsum.com/processlasso/serve
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000083A2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007661000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007829000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007D10000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000081B6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008574000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008748000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, pl_rsrc_chinese_traditional.dll.0.dr, pl_rsrc_japanese.dll.0.dr, pl_rsrc_italian.dll.0.dr, pl_rsrc_spanish.dll.0.dr, pl_rsrc_polish.dll.0.dr, pl_rsrc_french.dll.0.dr	String found in binary or memory: https://bitsum.com/prolasso_older_versions.php?inproduct
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007F06000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_german.dll.0.dr	String found in binary or memory: https://bitsum.com/prolasso_older_versions.php?inproductO
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006B28000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_russian.dll.0.dr	String found in binary or memory: https://bitsum.com/prolasso_older_versions.php?inproductT
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000079F7000.00000004.00000020.00020000.00000000.sdmp, PostUpdate.exe, 00000001.00000002.1688555797.00000277D90FF000.00000002.00000001.01000000.0000000A.sdmp, ProcessLasso.exe, 00000004.00000002.2880201261.000002A8B45DF000.00000002.00000001.01000000.0000000A.sdmp, pl_rsrc_english.dll.0.dr	String found in binary or memory: https://bitsum.com/prolasso_older_versions.php?inproducta
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006D11000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_slovenian.dll.0.dr	String found in binary or memory: https://bitsum.com/prolasso_older_versions.php?inproductd
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000073BC000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_bulgarian.dll.0.dr	String found in binary or memory: https://bitsum.com/prolasso_older_versions.php?inproductu
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000887A000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_ptbr.dll.0.dr	String found in binary or memory: https://bitsum.com/prolasso_older_versions.php?inproductw
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007B26000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_finnish.dll.0.dr	String found in binary or memory: https://bitsum.com/prolasso_older_versions.php?inproduct~
Source: ProcessLasso.exe	String found in binary or memory: https://bitsum.com/step1/
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp, ProcessLasso.exe, 00000004.00000000.1681252064.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe, 00000004.00000002.2882313735.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe.0.dr	String found in binary or memory: https://bitsum.com/step1/writetestFT%d%l%s
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000083A2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007B26000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006D11000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007661000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007829000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000073BC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007D10000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007F06000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000079F7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000081B6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008574000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000887A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008748000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006B28000.00000004.00000020.00020000.00000000.sdmp, PostUpdate.exe, 00000001.00000002.1688555797.00000277D90FF000.00000002.00000001.01000000.0000000A.sdmp, ProcessLasso.exe, 00000004.00000002.2880201261.000002A8B45DF000.00000002.00000001.01000000.0000000A.sdmp, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, pl_rsrc_english.dll.0.dr	String found in binary or memory: https://bitsum.com/support.
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007B26000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006D11000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007661000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000073BC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007D10000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007F06000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000079F7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000081B6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008574000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000887A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008748000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006B28000.00000004.00000020.00020000.00000000.sdmp, PostUpdate.exe, 00000001.00000002.1688555797.00000277D90FF000.00000002.00000001.01000000.0000000A.sdmp, ProcessLasso.exe, 00000004.00000002.2880201261.000002A8B45DF000.00000002.00000001.01000000.0000000A.sdmp, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, pl_rsrc_english.dll.0.dr, pl_rsrc_slovenian.dll.0.dr, pl_rsrc_finnish.dll.0.dr	String found in binary or memory: https://bitsum.com/support/?inproduct
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007829000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_chinese_traditional.dll.0.dr	String found in binary or memory: https://bitsum.com/support/?inproducte
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000083A2000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_japanese.dll.0.dr	String found in binary or memory: https://bitsum.com/support/?inproductf3uW03
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008748000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_polish.dll.0.dr	String found in binary or memory: https://bitsum.com/support/index.php?renewal=14https://bitsum.com/support/index.php?general_failure
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007829000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_chinese_traditional.dll.0.dr	String found in binary or memory: https://bitsum.com/support/index.php?renewal=14https://bitsum.com/support/index.php?general_failure#
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007661000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_chinese.dll.0.dr	String found in binary or memory: https://bitsum.com/support/index.php?renewal=14https://bitsum.com/support/index.php?general_failure$
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000083A2000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_japanese.dll.0.dr	String found in binary or memory: https://bitsum.com/support/index.php?renewal=14https://bitsum.com/support/index.php?general_failure/
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008574000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_korean.dll.0.dr	String found in binary or memory: https://bitsum.com/support/index.php?renewal=14https://bitsum.com/support/index.php?general_failure5
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_spanish.dll.0.dr	String found in binary or memory: https://bitsum.com/support/index.php?renewal=14https://bitsum.com/support/index.php?general_failureG
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000079F7000.00000004.00000020.00020000.00000000.sdmp, PostUpdate.exe, 00000001.00000002.1688555797.00000277D90FF000.00000002.00000001.01000000.0000000A.sdmp, ProcessLasso.exe, 00000004.00000002.2880201261.000002A8B45DF000.00000002.00000001.01000000.0000000A.sdmp, pl_rsrc_english.dll.0.dr	String found in binary or memory: https://bitsum.com/support/index.php?renewal=14https://bitsum.com/support/index.php?general_failureH
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007B26000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_finnish.dll.0.dr	String found in binary or memory: https://bitsum.com/support/index.php?renewal=14https://bitsum.com/support/index.php?general_failureN
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006D11000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_slovenian.dll.0.dr	String found in binary or memory: https://bitsum.com/support/index.php?renewal=14https://bitsum.com/support/index.php?general_failureS
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000081B6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000887A000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_italian.dll.0.dr	String found in binary or memory: https://bitsum.com/support/index.php?renewal=14https://bitsum.com/support/index.php?general_failureU
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007D10000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_french.dll.0.dr	String found in binary or memory: https://bitsum.com/support/index.php?renewal=14https://bitsum.com/support/index.php?general_failureV
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000073BC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007F06000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_bulgarian.dll.0.dr, pl_rsrc_german.dll.0.dr	String found in binary or memory: https://bitsum.com/support/index.php?renewal=14https://bitsum.com/support/index.php?general_failureX
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006B28000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_russian.dll.0.dr	String found in binary or memory: https://bitsum.com/support/index.php?renewal=14https://bitsum.com/support/index.php?general_failure_
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000083A2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007B26000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006D11000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000073BC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007D10000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007F06000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000079F7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000081B6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000887A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008748000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006B28000.00000004.00000020.00020000.00000000.sdmp, PostUpdate.exe, 00000001.00000002.1688555797.00000277D90FF000.00000002.00000001.01000000.0000000A.sdmp, ProcessLasso.exe, ProcessLasso.exe, 00000004.00000002.2880201261.000002A8B45DF000.00000002.00000001.01000000.0000000A.sdmp, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_english.dll.0.dr, pl_rsrc_slovenian.dll.0.dr, pl_rsrc_finnish.dll.0.dr, pl_rsrc_japanese.dll.0.dr, pl_rsrc_italian.dll.0.dr	String found in binary or memory: https://bitsum.com/translate/
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007829000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_chinese_traditional.dll.0.dr	String found in binary or memory: https://bitsum.com/translate/-
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007661000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_chinese.dll.0.dr	String found in binary or memory: https://bitsum.com/translate//
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp, ProcessLasso.exe, 00000004.00000000.1681252064.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe, 00000004.00000002.2882313735.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe.0.dr	String found in binary or memory: https://bitsum.com/translate/ERROR-
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008574000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_korean.dll.0.dr	String found in binary or memory: https://bitsum.com/translate/F
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, pl_rsrc_ptbr.dll.0.dr, pl_rsrc_korean.dll.0.dr, pl_rsrc_chinese.dll.0.dr, QuickUpgrade.exe.1.dr, pl_rsrc_english.dll.0.dr, pl_rsrc_slovenian.dll.0.dr, InstallHelper.exe.0.dr, QuickUpgrade.exe.Replacement.0.dr, pl_rsrc_finnish.dll.0.dr, pl_rsrc_chinese_traditional.dll.0.dr, pl_rsrc_japanese.dll.0.dr, pl_rsrc_italian.dll.0.dr, pl_rsrc_spanish.dll.0.dr, CPUEater.exe.0.dr, Insights.exe.0.dr, pl_rsrc_russian.dll.0.dr, ProcessGovernor.exe.0.dr, pl_rsrc_polish.dll.0.dr, plActivate.exe.0.dr, pl_rsrc_french.dll.0.dr	String found in binary or memory: https://bitsum.com0/
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007829000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_chinese_traditional.dll.0.dr	String found in binary or memory: https://bitsum.com3
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007661000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_chinese.dll.0.dr	String found in binary or memory: https://bitsum.com5
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008574000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_korean.dll.0.dr	String found in binary or memory: https://bitsum.comD
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008574000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_korean.dll.0.dr	String found in binary or memory: https://bitsum.comLBitsumX
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000083A2000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_japanese.dll.0.dr	String found in binary or memory: https://bitsum.comb
Source: chromecache_195.8.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007661000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_chinese.dll.0.dr	String found in binary or memory: https://cn.bitsum.com
Source: chromecache_216.8.dr	String found in binary or memory: https://dashboard.stripe.com/
Source: chromecache_216.8.dr	String found in binary or memory: https://dashboard.stripe.com/register
Source: chromecache_274.8.dr, chromecache_280.8.dr	String found in binary or memory: https://fontawesome.com
Source: chromecache_274.8.dr, chromecache_280.8.dr	String found in binary or memory: https://fontawesome.com/license/free
Source: chromecache_255.8.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4WxKOzY.woff2)
Source: chromecache_255.8.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2)
Source: chromecache_255.8.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu5mxKOzY.woff2)
Source: chromecache_255.8.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu72xKOzY.woff2)
Source: chromecache_255.8.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7GxKOzY.woff2)
Source: chromecache_255.8.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7WxKOzY.woff2)
Source: chromecache_255.8.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7mxKOzY.woff2)
Source: chromecache_221.8.dr	String found in binary or memory: https://github.com/ganeshmax/jcarousellite/blob/master/LICENSE)
Source: chromecache_221.8.dr	String found in binary or memory: https://github.com/imakewebthings/jquery-waypoints/blob/master/licenses.txt
Source: chromecache_221.8.dr	String found in binary or memory: https://github.com/kswedberg/jquery-smooth-scroll
Source: chromecache_221.8.dr	String found in binary or memory: https://github.com/kswedberg/jquery-smooth-scroll/blob/master/LICENSE-MIT)
Source: chromecache_221.8.dr	String found in binary or memory: https://github.com/morr/jquery.appear/
Source: chromecache_216.8.dr	String found in binary or memory: https://github.com/stripe-samples
Source: chromecache_221.8.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_216.8.dr	String found in binary or memory: https://images.ctfassets.net
Source: chromecache_216.8.dr	String found in binary or memory: https://images.ctfassets.net/fzn2n1nzq965/1ctgMwd2p9euFW9pPSM7jR/451d5e987ca7fa14060526e6b1766a8b/bm
Source: chromecache_216.8.dr	String found in binary or memory: https://images.ctfassets.net/fzn2n1nzq965/1lCtk48IB26AGgXdHsrLrt/ad2816d6a744d5249c19ba66be22b0a6/ch
Source: chromecache_216.8.dr	String found in binary or memory: https://images.ctfassets.net/fzn2n1nzq965/2EOOpI2mMZgHYBlbO44zWV/5a6c5d37402652c80567ec942c733a43/fa
Source: chromecache_216.8.dr	String found in binary or memory: https://images.ctfassets.net/fzn2n1nzq965/3AGidihOJl4nH9D1vDjM84/9540155d584be52fc54c443b6efa4ae6/ho
Source: chromecache_216.8.dr	String found in binary or memory: https://images.ctfassets.net/fzn2n1nzq965/4jq1Wguyus7CA7yc2kxMgn/cf7b01aadf305daef40ac8acab654510/ho
Source: chromecache_216.8.dr	String found in binary or memory: https://images.ctfassets.net/fzn2n1nzq965/4zeFefnpB8yh7U3qSQRktP/d583ee93dd3d8910fa27296748699a0f/bm
Source: chromecache_216.8.dr	String found in binary or memory: https://images.ctfassets.net/fzn2n1nzq965/5C5LvT3YZvRTGYn7uabXGj/7da8063dc77c67b7f66a1479f47409c8/bu
Source: chromecache_216.8.dr	String found in binary or memory: https://images.ctfassets.net/fzn2n1nzq965/5DaqGgXeMbxSIqQj9WSqSF/8142c0c6e15b27a8bb6c8a0f8a5d4dfb/ho
Source: chromecache_216.8.dr	String found in binary or memory: https://images.ctfassets.net/fzn2n1nzq965/5F0uhf7cRg9vhR6NmgWzzI/664e14ddebb91375f89f8dcc75242dc0/ho
Source: chromecache_216.8.dr	String found in binary or memory: https://images.ctfassets.net/fzn2n1nzq965/5epSdhifMhjZWOkOxK9xG8/05715737a672f2069c17903d2acae585/ty
Source: chromecache_216.8.dr	String found in binary or memory: https://images.ctfassets.net/fzn2n1nzq965/5hEVwGQfvUQhsMjfASiuA/db4e12749695dbf5735787879ae56e96/fla
Source: chromecache_216.8.dr	String found in binary or memory: https://images.ctfassets.net/fzn2n1nzq965/5k7VeoAQQDK7032fIF6PEU/25f3670f5f4508103ee77afd92b7e074/ty
Source: chromecache_216.8.dr	String found in binary or memory: https://images.ctfassets.net/fzn2n1nzq965/6c56LuWUxcACbVkv4fqszI/d0a88e48d11a88b97daf896246ac40da/ho
Source: chromecache_216.8.dr	String found in binary or memory: https://images.ctfassets.net/fzn2n1nzq965/6iLtU8qBUtE42tshpmZxY2/ac5b7b7a181524237b942e43620fceef/ch
Source: chromecache_216.8.dr	String found in binary or memory: https://images.ctfassets.net/fzn2n1nzq965/7C4ROeiaqUa0HwwBU9EL9l/205ad1141f35c449a79c7dae1811d9b7/at
Source: chromecache_216.8.dr	String found in binary or memory: https://images.ctfassets.net/fzn2n1nzq965/7jjWJlm9NHgLI7SV98B0Dg/ea1ae753f3764897fa4333311e41f496/ho
Source: chromecache_216.8.dr	String found in binary or memory: https://images.ctfassets.net/fzn2n1nzq965/7szA8TJHWKDIEuCbu6Yblm/4548db61648d063fb7e7dddfca04ab79/ho
Source: chromecache_216.8.dr	String found in binary or memory: https://images.ctfassets.net/fzn2n1nzq965/wEsTNDVgdEqaPAKkFdqnL/c69e1649432f1b772d86d81e423b7e3e/but
Source: chromecache_244.8.dr	String found in binary or memory: https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js
Source: ProcessLasso.exe	String found in binary or memory: https://lic.bitsum.com/versioninfo/processlasso/attribs.txt
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lic.bitsum.com/versioninfo/processlasso/attribs.txtLassoJ
Source: chromecache_257.8.dr	String found in binary or memory: https://m.stripe.network
Source: chromecache_216.8.dr	String found in binary or memory: https://marketplace.stripe.com/
Source: chromecache_195.8.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_195.8.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_216.8.dr	String found in binary or memory: https://press.stripe.com/
Source: chromecache_216.8.dr	String found in binary or memory: https://q.stripe.com
Source: chromecache_216.8.dr	String found in binary or memory: https://sales-live-chat.stripe.com
Source: chromecache_216.8.dr	String found in binary or memory: https://sales-live-chat.stripe.com/render
Source: chromecache_216.8.dr	String found in binary or memory: https://schema.org
Source: chromecache_195.8.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_195.8.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect?v=2&
Source: chromecache_216.8.dr	String found in binary or memory: https://status.stripe.com/
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/#organization
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/ae
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/at
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/au
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/br
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/contact/sales
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/de
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/de-be
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/de-ch
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/de-li
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/de-lu
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/docs
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/docs/api
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/docs/billing
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/docs/connect
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/docs/development
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/docs/invoicing/hosted-invoice-page
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/docs/libraries
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/docs/no-code
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/docs/no-code/payment-links
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/docs/no-code/tap-to-pay
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/docs/payments
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/docs/payments/checkout
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/docs/stripe-apps
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/docs/terminal
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/docs/upgrades#api-changelog
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/docs/upgrades#api-versions
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-at
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-be
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-bg
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-br
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-ca
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-ch
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-cy
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-cz
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-de
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-dk
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-ee
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-es
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-fi
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-fr
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-gi
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-gr
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-hk
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-hr
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-hu
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-it
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-jp
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-li
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-lt
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-lu
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-lv
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-mt
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-mx
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-my
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-nl
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-no
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-pl
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-pt
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-ro
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-se
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-sg
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-si
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-sk
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/en-th
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/es
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/es-us
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/fr
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/fr-be
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/fr-ca
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/fr-ch
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/fr-lu
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/gb
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/guides
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/ie
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/in
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/issuing
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/it
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/it-ch
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/it-hr
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/it-si
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/jp
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/mx
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/nl
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/nl-be
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/nz
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/pricing
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/privacy
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/pt-pt
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/radar
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/se
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/sigma
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/spc/licenses
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/sv-fi
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/th
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/us
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/use-cases/global-businesses
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/zh-hk
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/zh-my
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/zh-sg
Source: chromecache_216.8.dr	String found in binary or memory: https://stripe.com/zh-us
Source: chromecache_230.8.dr	String found in binary or memory: https://subscribe.wordpress.com
Source: chromecache_230.8.dr	String found in binary or memory: https://subscribe.wordpress.com/memberships/?
Source: chromecache_216.8.dr	String found in binary or memory: https://support.stripe.com/?referrerLocale=en-us
Source: chromecache_195.8.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_216.8.dr	String found in binary or memory: https://twitter.com/stripe
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, QuickUpgrade.exe.1.dr, QuickUpgrade.exe.Replacement.0.dr	String found in binary or memory: https://update.bitsum.com/files/auto/64/beta/pl4sfx.exehttps://update.bitsum.com/files/auto/64/pl4sf
Source: ProcessLasso.exe	String found in binary or memory: https://update.bitsum.com/userservices/versioninfo.php
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp, ProcessLasso.exe, 00000004.00000000.1681252064.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe, 00000004.00000002.2882313735.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe.0.dr	String found in binary or memory: https://update.bitsum.com/userservices/versioninfo.php&Platform=&Registered=&vnew=1?ProductName=&man
Source: chromecache_239.8.dr, chromecache_258.8.dr	String found in binary or memory: https://wpbakery.com)
Source: chromecache_195.8.dr	String found in binary or memory: https://www.google.com
Source: ProcessLasso.exe	String found in binary or memory: https://www.google.com/search?q=%s
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp, ProcessLasso.exe, 00000004.00000000.1681252064.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe, 00000004.00000002.2882313735.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe.0.dr	String found in binary or memory: https://www.google.com/search?q=%sopenProcess
Source: chromecache_195.8.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_195.8.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_216.8.dr	String found in binary or memory: https://www.linkedin.com/company/stripe/
Source: chromecache_195.8.dr	String found in binary or memory: https://www.merchant-center-analytics.goog
Source: chromecache_216.8.dr	String found in binary or memory: https://youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443

Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49910 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality for read data from the clipboard

Source: C:\Users\user\Desktop\PostUpdate.exe

1_2_00007FF64729C270

Contains functionality to modify clipboard data

Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64729C270 GetAsyncKeyState,IsWindow,GetWindowTextW,GetDlgItem,IsWindow,GetWindowTextW,GetWindow,IsWindow,GetClassNameW,GetWindowTextW,GetWindow,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,CloseClipboard,	1_2_00007FF64729C270
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CB98E0 GetAsyncKeyState,IsWindow,GetWindowTextW,GetDlgItem,IsWindow,GetWindowTextW,GetWindow,IsWindow,GetClassNameW,GetWindowTextW,GetWindow,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,CloseClipboard,	4_2_00007FF7E6CB98E0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C62D20 GetKeyState,SetFocus,PostMessageW,GetKeyState,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,GetKeyState,SendMessageW,#413,PostMessageW,GetKeyState,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,GetKeyState,SendMessageW,#413,#413,	4_2_00007FF7E6C62D20
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C73E20 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,	4_2_00007FF7E6C73E20
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C63AB3 GetKeyState,SetFocus,GetKeyState,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,GetKeyState,SendMessageW,#413,GetKeyState,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,GetKeyState,SendMessageW,#413,	4_2_00007FF7E6C63AB3

Contains functionality to retrieve information about pressed keystrokes

Source: C:\Users\user\Desktop\PostUpdate.exe

1_2_00007FF64729C270

System Summary

Contains functionality to call native functions

Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99D21F0 CreateMutexW,WaitForSingleObject,CreateEventW,CreateEventW,LoadLibraryW,GetProcAddress,GetCurrentProcess,NtQueryInformationProcess,GetCurrentProcess,SetPriorityClass,LoadCursorW,RegisterClassExW,CreateWindowExW,MessageBoxW,GetMessageW,TranslateMessage,DispatchMessageW,GetMessageW,SetEvent,GetCurrentThreadId,SendMessageW,CloseHandle,ReleaseMutex,MessageBoxW,SetEvent,GetCurrentThreadId,FreeLibrary,CloseHandle,std::_Throw_Cpp_error,std::_Throw_Cpp_error,std::_Throw_Cpp_error,std::_Throw_Cpp_error,std::_Throw_Cpp_error,std::_Throw_Cpp_error,std::_Throw_Cpp_error,		2_2_00007FF7E99D21F0
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99D1BC0 GetCurrentProcessId,ProcessIdToSessionId,GetForegroundWindow,GetWindowThreadProcessId,GetLastInputInfo,GetCurrentProcess,NtQueryInformationProcess,WaitForSingleObject,std::_Throw_Cpp_error,std::_Throw_Cpp_error,std::_Throw_Cpp_error,std::_Throw_Cpp_error,		2_2_00007FF7E99D1BC0

Contains functionality to communicate with device drivers

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Code function: 0_2_00457AAF: __EH_prolog,_wcslen,_wcslen,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,

0_2_00457AAF

Detected potential crypto function

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_004592C6	0_2_004592C6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_00467DDC	0_2_00467DDC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_00465011	0_2_00465011
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_00468253	0_2_00468253
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_004602F7	0_2_004602F7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_00465282	0_2_00465282
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_004762A8	0_2_004762A8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_004613FD	0_2_004613FD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_0046742E	0_2_0046742E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_004764D7	0_2_004764D7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_004655B0	0_2_004655B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_0047E600	0_2_0047E600
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_004607A7	0_2_004607A7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_0045D833	0_2_0045D833
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_004688AF	0_2_004688AF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_0045395A	0_2_0045395A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_00454A8E	0_2_00454A8E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_0047EAAE	0_2_0047EAAE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_00482BB4	0_2_00482BB4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_0045FCCC	0_2_0045FCCC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_00452EB6	0_2_00452EB6
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF647276900	1_2_00007FF647276900
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472807A0	1_2_00007FF6472807A0
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64727D820	1_2_00007FF64727D820
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64728256A	1_2_00007FF64728256A
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF647276600	1_2_00007FF647276600
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF647298470	1_2_00007FF647298470
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472904D0	1_2_00007FF6472904D0
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF647290FD0	1_2_00007FF647290FD0
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64727EE60	1_2_00007FF64727EE60
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64727AE40	1_2_00007FF64727AE40
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF647297F30	1_2_00007FF647297F30
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64727FF00	1_2_00007FF64727FF00
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF647291D80	1_2_00007FF647291D80
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF647297E10	1_2_00007FF647297E10
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF647276BCA	1_2_00007FF647276BCA
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64727EAA0	1_2_00007FF64727EAA0
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF647298A00	1_2_00007FF647298A00
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472B8888	1_2_00007FF6472B8888
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472B3910	1_2_00007FF6472B3910
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64729C680	1_2_00007FF64729C680
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472AE590	1_2_00007FF6472AE590
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF647294580	1_2_00007FF647294580
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472B3460	1_2_00007FF6472B3460
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472B04B0	1_2_00007FF6472B04B0
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64728749D	1_2_00007FF64728749D
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF647295530	1_2_00007FF647295530
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64729B430	1_2_00007FF64729B430
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472B632C	1_2_00007FF6472B632C
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472AE098	1_2_00007FF6472AE098
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472B3F90	1_2_00007FF6472B3F90
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472A7000	1_2_00007FF6472A7000
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472A7E74	1_2_00007FF6472A7E74
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64728CE6B	1_2_00007FF64728CE6B
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64728CE41	1_2_00007FF64728CE41
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64728CE9B	1_2_00007FF64728CE9B
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64728CE83	1_2_00007FF64728CE83
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64728CEBB	1_2_00007FF64728CEBB
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64728CEF8	1_2_00007FF64728CEF8
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF647296DE0	1_2_00007FF647296DE0
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF647299E30	1_2_00007FF647299E30
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472A6E14	1_2_00007FF6472A6E14
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64729CC60	1_2_00007FF64729CC60
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472A6C28	1_2_00007FF6472A6C28
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472B6A84	1_2_00007FF6472B6A84
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472B0AC4	1_2_00007FF6472B0AC4
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472B2938	1_2_00007FF6472B2938
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99D21F0	2_2_00007FF7E99D21F0
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99E4980	2_2_00007FF7E99E4980
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99E04C8	2_2_00007FF7E99E04C8
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99DBBC0	2_2_00007FF7E99DBBC0
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99E0B48	2_2_00007FF7E99E0B48
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99E9378	2_2_00007FF7E99E9378
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99DBDAC	2_2_00007FF7E99DBDAC
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99DCE04	2_2_00007FF7E99DCE04
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99E4E0C	2_2_00007FF7E99E4E0C
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99E2048	2_2_00007FF7E99E2048
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99E0018	2_2_00007FF7E99E0018
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99DF060	2_2_00007FF7E99DF060
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99DBF98	2_2_00007FF7E99DBF98
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C778E0	4_2_00007FF7E6C778E0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C69620	4_2_00007FF7E6C69620
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C5B350	4_2_00007FF7E6C5B350
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C87450	4_2_00007FF7E6C87450
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C6E010	4_2_00007FF7E6C6E010
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C66100	4_2_00007FF7E6C66100
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C6ED30	4_2_00007FF7E6C6ED30
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C5FB40	4_2_00007FF7E6C5FB40
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6BF9AA0	4_2_00007FF7E6BF9AA0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C217E0	4_2_00007FF7E6C217E0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C03800	4_2_00007FF7E6C03800
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C6E800	4_2_00007FF7E6C6E800
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C187B0	4_2_00007FF7E6C187B0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C517B0	4_2_00007FF7E6C517B0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C177D0	4_2_00007FF7E6C177D0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C8C7C8	4_2_00007FF7E6C8C7C8
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C567D0	4_2_00007FF7E6C567D0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C59760	4_2_00007FF7E6C59760
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6D1D768	4_2_00007FF7E6D1D768
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CCF738	4_2_00007FF7E6CCF738
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C168E0	4_2_00007FF7E6C168E0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C4B8FC	4_2_00007FF7E6C4B8FC
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CC4900	4_2_00007FF7E6CC4900
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C0E8A7	4_2_00007FF7E6C0E8A7
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C4B89F	4_2_00007FF7E6C4B89F
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6D0E858	4_2_00007FF7E6D0E858
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CB1880	4_2_00007FF7E6CB1880
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CFC880	4_2_00007FF7E6CFC880
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C37830	4_2_00007FF7E6C37830
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C49830	4_2_00007FF7E6C49830
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C6C850	4_2_00007FF7E6C6C850
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6D13830	4_2_00007FF7E6D13830
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C4B842	4_2_00007FF7E6C4B842
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C015A0	4_2_00007FF7E6C015A0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C2E5B0	4_2_00007FF7E6C2E5B0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CB15D0	4_2_00007FF7E6CB15D0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C5C5D0	4_2_00007FF7E6C5C5D0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C525D0	4_2_00007FF7E6C525D0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C9D5C0	4_2_00007FF7E6C9D5C0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6BFF560	4_2_00007FF7E6BFF560
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6D0E570	4_2_00007FF7E6D0E570
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6D18548	4_2_00007FF7E6D18548
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6D11520	4_2_00007FF7E6D11520
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CC46F0	4_2_00007FF7E6CC46F0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C2A700	4_2_00007FF7E6C2A700
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C7E6D0	4_2_00007FF7E6C7E6D0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6BFB660	4_2_00007FF7E6BFB660
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C4F670	4_2_00007FF7E6C4F670
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6D03658	4_2_00007FF7E6D03658
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6BF3680	4_2_00007FF7E6BF3680
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C20680	4_2_00007FF7E6C20680
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C2E680	4_2_00007FF7E6C2E680
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C97410	4_2_00007FF7E6C97410
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6BFB3B0	4_2_00007FF7E6BFB3B0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C893C2	4_2_00007FF7E6C893C2
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C96370	4_2_00007FF7E6C96370
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6D14360	4_2_00007FF7E6D14360
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C5D380	4_2_00007FF7E6C5D380
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6D12334	4_2_00007FF7E6D12334
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C714F0	4_2_00007FF7E6C714F0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CC1510	4_2_00007FF7E6CC1510
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C774A0	4_2_00007FF7E6C774A0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CDC45C	4_2_00007FF7E6CDC45C
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C6E490	4_2_00007FF7E6C6E490
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C0C480	4_2_00007FF7E6C0C480
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C45430	4_2_00007FF7E6C45430
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C401F0	4_2_00007FF7E6C401F0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C621F0	4_2_00007FF7E6C621F0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CFD210	4_2_00007FF7E6CFD210
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C5C1CB	4_2_00007FF7E6C5C1CB
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C6B190	4_2_00007FF7E6C6B190
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CC0180	4_2_00007FF7E6CC0180
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6D19140	4_2_00007FF7E6D19140
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CBA120	4_2_00007FF7E6CBA120
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CB52E0	4_2_00007FF7E6CB52E0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C5E265	4_2_00007FF7E6C5E265
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C04290	4_2_00007FF7E6C04290
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C0E220	4_2_00007FF7E6C0E220
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C48FEE	4_2_00007FF7E6C48FEE
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C47FF0	4_2_00007FF7E6C47FF0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CF0FDC	4_2_00007FF7E6CF0FDC
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C93000	4_2_00007FF7E6C93000
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C4DFFF	4_2_00007FF7E6C4DFFF
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C63FB0	4_2_00007FF7E6C63FB0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C73FB0	4_2_00007FF7E6C73FB0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C48F99	4_2_00007FF7E6C48F99
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C1AFC0	4_2_00007FF7E6C1AFC0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6D0CF58	4_2_00007FF7E6D0CF58
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CB3F8C	4_2_00007FF7E6CB3F8C
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CBCF80	4_2_00007FF7E6CBCF80
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C45F80	4_2_00007FF7E6C45F80
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C46F50	4_2_00007FF7E6C46F50
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C48F41	4_2_00007FF7E6C48F41
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CFF0D8	4_2_00007FF7E6CFF0D8
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C4A110	4_2_00007FF7E6C4A110
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C2A100	4_2_00007FF7E6C2A100
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C930B1	4_2_00007FF7E6C930B1
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6BFB0A0	4_2_00007FF7E6BFB0A0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C3C0B0	4_2_00007FF7E6C3C0B0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CBD0A0	4_2_00007FF7E6CBD0A0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C7E0D0	4_2_00007FF7E6C7E0D0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CFE0B8	4_2_00007FF7E6CFE0B8
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C93058	4_2_00007FF7E6C93058
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6D0905C	4_2_00007FF7E6D0905C
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C93078	4_2_00007FF7E6C93078
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C6C080	4_2_00007FF7E6C6C080
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C93028	4_2_00007FF7E6C93028
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CFD028	4_2_00007FF7E6CFD028
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C93040	4_2_00007FF7E6C93040
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CBE040	4_2_00007FF7E6CBE040
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C48DE1	4_2_00007FF7E6C48DE1
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CB0DC0	4_2_00007FF7E6CB0DC0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CBDD70	4_2_00007FF7E6CBDD70
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C3DD70	4_2_00007FF7E6C3DD70
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CC1D60	4_2_00007FF7E6CC1D60
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C41D60	4_2_00007FF7E6C41D60
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C48D89	4_2_00007FF7E6C48D89
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C50D90	4_2_00007FF7E6C50D90
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CA7D80	4_2_00007FF7E6CA7D80
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C8FD81	4_2_00007FF7E6C8FD81
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C48D31	4_2_00007FF7E6C48D31
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C76D30	4_2_00007FF7E6C76D30
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6BFDD30	4_2_00007FF7E6BFDD30
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C43D40	4_2_00007FF7E6C43D40
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C48EE9	4_2_00007FF7E6C48EE9
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C85EF0	4_2_00007FF7E6C85EF0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C95EB0	4_2_00007FF7E6C95EB0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6D18EC4	4_2_00007FF7E6D18EC4
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C68EA0	4_2_00007FF7E6C68EA0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CBBE70	4_2_00007FF7E6CBBE70
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C70E60	4_2_00007FF7E6C70E60
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CB4E90	4_2_00007FF7E6CB4E90
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C64E90	4_2_00007FF7E6C64E90
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C48E91	4_2_00007FF7E6C48E91
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C96E80	4_2_00007FF7E6C96E80
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CB1E80	4_2_00007FF7E6CB1E80
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C01E90	4_2_00007FF7E6C01E90
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C56E30	4_2_00007FF7E6C56E30
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C7DE30	4_2_00007FF7E6C7DE30
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C48E39	4_2_00007FF7E6C48E39
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CFCE3C	4_2_00007FF7E6CFCE3C
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6BF4C00	4_2_00007FF7E6BF4C00
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C48C10	4_2_00007FF7E6C48C10
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C22BD0	4_2_00007FF7E6C22BD0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C26B70	4_2_00007FF7E6C26B70
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C79B70	4_2_00007FF7E6C79B70
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C4BB27	4_2_00007FF7E6C4BB27
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C71B30	4_2_00007FF7E6C71B30
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6D03B50	4_2_00007FF7E6D03B50
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CB9CF0	4_2_00007FF7E6CB9CF0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C04D00	4_2_00007FF7E6C04D00
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6D13CE0	4_2_00007FF7E6D13CE0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CFED0C	4_2_00007FF7E6CFED0C
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C4ACC3	4_2_00007FF7E6C4ACC3
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C79C90	4_2_00007FF7E6C79C90
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CB5C30	4_2_00007FF7E6CB5C30
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C1BC30	4_2_00007FF7E6C1BC30
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CFCC54	4_2_00007FF7E6CFCC54
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C4BA13	4_2_00007FF7E6C4BA13
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C75A10	4_2_00007FF7E6C75A10
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CC0A00	4_2_00007FF7E6CC0A00
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C449B0	4_2_00007FF7E6C449B0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C4B9B6	4_2_00007FF7E6C4B9B6
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C549C0	4_2_00007FF7E6C549C0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C4B959	4_2_00007FF7E6C4B959
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C9C990	4_2_00007FF7E6C9C990
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C23990	4_2_00007FF7E6C23990
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C79990	4_2_00007FF7E6C79990
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C6A920	4_2_00007FF7E6C6A920
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CCC950	4_2_00007FF7E6CCC950
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C3EB10	4_2_00007FF7E6C3EB10
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CA7AB0	4_2_00007FF7E6CA7AB0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C4BACD	4_2_00007FF7E6C4BACD
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C72AD0	4_2_00007FF7E6C72AD0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CB2AC0	4_2_00007FF7E6CB2AC0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6D05A70	4_2_00007FF7E6D05A70
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C4BA70	4_2_00007FF7E6C4BA70
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CFCA68	4_2_00007FF7E6CFCA68
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C40A90	4_2_00007FF7E6C40A90
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C97A80	4_2_00007FF7E6C97A80
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6BFCA30	4_2_00007FF7E6BFCA30

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: String function: 0046FEFC appears 42 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: String function: 004707A0 appears 31 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: String function: 0046FFD0 appears 56 times
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: String function: 00007FF7E6C86E30 appears 100 times
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: String function: 00007FF7E6CF65D0 appears 51 times
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: String function: 00007FF7E6C9DE30 appears 220 times
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: String function: 00007FF7E6C7BE10 appears 38 times
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: String function: 00007FF7E6C7BC50 appears 45 times
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: String function: 00007FF7E6C65910 appears 46 times
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: String function: 00007FF7E6CB67F0 appears 49 times
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: String function: 00007FF7E6D06054 appears 35 times
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: String function: 00007FF7E6C9E0B0 appears 110 times
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: String function: 00007FF7E6BF6070 appears 94 times
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: String function: 00007FF647292840 appears 126 times
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: String function: 00007FF6472923D0 appears 102 times

PE file contains executable resources (Code or Archives)

Source: pl_rsrc_bulgarian.dll.0.dr	Static PE information: Resource name: RT_STRING type: COM executable for DOS
Source: pl_rsrc_french.dll.0.dr	Static PE information: Resource name: RT_STRING type: PDP-11 demand-paged pure executable not stripped
Source: pl_rsrc_french.dll.0.dr	Static PE information: Resource name: RT_STRING type: x86 executable (TV) not stripped
Source: pl_rsrc_french.dll.0.dr	Static PE information: Resource name: RT_STRING type: MIPSEB-LE MIPS-III ECOFF executable not stripped - version 0.115
Source: pl_rsrc_german.dll.0.dr	Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
Source: pl_rsrc_italian.dll.0.dr	Static PE information: Resource name: RT_STRING type: COM executable for DOS
Source: pl_rsrc_korean.dll.0.dr	Static PE information: Resource name: RT_STRING type: COM executable for DOS
Source: pl_rsrc_russian.dll.0.dr	Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
Source: pl_rsrc_slovenian.dll.0.dr	Static PE information: Resource name: RT_STRING type: VAX COFF pure executable, sections 78, created Sun Mar 29 05:32:17 1970, not stripped, version 110
Source: pl_rsrc_spanish.dll.0.dr	Static PE information: Resource name: RT_STRING type: PDP-11 demand-paged pure executable not stripped

PE file does not import any functions

Source: pl_rsrc_korean.dll.0.dr	Static PE information: No import functions for PE file found
Source: pl_rsrc_russian.dll.0.dr	Static PE information: No import functions for PE file found
Source: pl_rsrc_english.dll.0.dr	Static PE information: No import functions for PE file found
Source: pl_rsrc_spanish.dll.0.dr	Static PE information: No import functions for PE file found
Source: pl_rsrc_french.dll.0.dr	Static PE information: No import functions for PE file found
Source: pl_rsrc_chinese_traditional.dll.0.dr	Static PE information: No import functions for PE file found
Source: pl_rsrc_german.dll.0.dr	Static PE information: No import functions for PE file found
Source: pl_rsrc_polish.dll.0.dr	Static PE information: No import functions for PE file found
Source: pl_rsrc_japanese.dll.0.dr	Static PE information: No import functions for PE file found
Source: pl_rsrc_italian.dll.0.dr	Static PE information: No import functions for PE file found
Source: pl_rsrc_slovenian.dll.0.dr	Static PE information: No import functions for PE file found
Source: pl_rsrc_finnish.dll.0.dr	Static PE information: No import functions for PE file found
Source: pl_rsrc_chinese.dll.0.dr	Static PE information: No import functions for PE file found
Source: pl_rsrc_ptbr.dll.0.dr	Static PE information: No import functions for PE file found
Source: pl_rsrc_bulgarian.dll.0.dr	Static PE information: No import functions for PE file found

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: sus31.evad.winEXE@120/207@42/16

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Code function: 0_2_00457727 GetLastError,FormatMessageW,

0_2_00457727

Source: C:\Users\user\Desktop\ProcessLasso.exe

4_2_00007FF7E6C5FB40

Source: C:\Users\user\Desktop\ProcessLasso.exe

4_2_00007FF7E6C68690

Source: C:\Users\user\Desktop\PostUpdate.exe

1_2_00007FF64727D820

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Code function: 0_2_0046B6D2 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,

0_2_0046B6D2

Source: C:\Users\user\Desktop\PostUpdate.exe

Code function: 1_2_00007FF647296FC0 OpenSCManagerW,OpenServiceW,QueryServiceStatus,StartServiceW,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,

1_2_00007FF647296FC0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

File created: C:\Users\user\Desktop\__tmp_rar_sfx_access_check_4167031

Jump to behavior

Source: C:\Users\user\Desktop\bitsumsessionagent.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\{878ec006-8bb7-4487-a9d9-6ab726fdad61}

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Command line argument: sfxname	0_2_0046F05C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Command line argument: sfxstime	0_2_0046F05C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Command line argument: p0I	0_2_0046F05C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Command line argument: STARTDLG	0_2_0046F05C

Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

File read: C:\Windows\win.ini

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\ProcessLasso.exe

File read: C:\Windows\System32\drivers\etc\hosts

Jump to behavior

Source: ProcessLasso.exe	String found in binary or memory: /stopafter=
Source: ProcessLasso.exe	String found in binary or memory: /stopafter=

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

File read: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Process created: C:\Users\user\Desktop\PostUpdate.exe "C:\Users\user\Desktop\PostUpdate.exe"
Source: unknown	Process created: C:\Users\user\Desktop\bitsumsessionagent.exe C:\Users\user\Desktop\bitsumsessionagent.exe ----------------------------------------------------------------
Source: unknown	Process created: C:\Users\user\Desktop\bitsumsessionagent.exe C:\Users\user\Desktop\bitsumsessionagent.exe ----------------------------------------------------------------
Source: C:\Users\user\Desktop\PostUpdate.exe	Process created: C:\Users\user\Desktop\ProcessLasso.exe /postupdate
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2008,i,15519515346526546949,12768663373264760233,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1984,i,5106367926550211044,9373728312157229491,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1740 --field-trial-handle=1996,i,7114810720293782166,12932913640708286940,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1984,i,2617033844371038707,2385638837885236536,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 --field-trial-handle=1948,i,16641894259137025231,17552674618342249670,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1984,i,18071265613074346824,7565659784721279921,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1884 --field-trial-handle=1952,i,13378929248748638004,16609101256085625740,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1976,i,556397286523747728,13715138569827133155,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1992,i,3103486031131948529,12771731290429994548,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1976 --field-trial-handle=2000,i,4281038644087026732,4404549652330960055,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1840 --field-trial-handle=1984,i,16754105667391397097,1628277584012059700,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1988,i,13307509518589281415,1496618762875588576,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1984,i,10167203328593902513,15389311701757241189,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1872 --field-trial-handle=1724,i,14353911626792566164,9578348925622307936,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1988,i,7229309035351989711,14618348612749984897,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Process created: C:\Users\user\Desktop\PostUpdate.exe "C:\Users\user\Desktop\PostUpdate.exe"	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Process created: C:\Users\user\Desktop\ProcessLasso.exe /postupdate	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1976,i,556397286523747728,13715138569827133155,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2008,i,15519515346526546949,12768663373264760233,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1984,i,5106367926550211044,9373728312157229491,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1740 --field-trial-handle=1996,i,7114810720293782166,12932913640708286940,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1984,i,2617033844371038707,2385638837885236536,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 --field-trial-handle=1948,i,16641894259137025231,17552674618342249670,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1872 --field-trial-handle=1724,i,14353911626792566164,9578348925622307936,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1984,i,18071265613074346824,7565659784721279921,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1884 --field-trial-handle=1952,i,13378929248748638004,16609101256085625740,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1976,i,556397286523747728,13715138569827133155,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1992,i,3103486031131948529,12771731290429994548,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1976 --field-trial-handle=2000,i,4281038644087026732,4404549652330960055,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1840 --field-trial-handle=1984,i,16754105667391397097,1628277584012059700,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1988,i,13307509518589281415,1496618762875588576,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1984,i,10167203328593902513,15389311701757241189,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1872 --field-trial-handle=1724,i,14353911626792566164,9578348925622307936,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1988,i,7229309035351989711,14618348612749984897,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: <pi-ms-win-core-synch-l1-2-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: <pi-ms-win-core-fibers-l1-1-1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: <pi-ms-win-core-synch-l1-2-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: <pi-ms-win-core-fibers-l1-1-1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: <pi-ms-win-core-localization-l1-2-1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: dxgidebug.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Section loaded: pl_rsrc_english.dll	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: pdh.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: pl_rsrc_english.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Section loaded: wkscli.dll	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\PostUpdate.exe

File written: C:\Users\user\AppData\Local\ProcessLasso\config\prolasso.ini

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\ProcessLasso.exe

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Access\Capabilities\UrlAssociations

Jump to behavior

Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Static PE information: certificate valid

Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Static file information: File size 2995928 > 1048576

Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_korean.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000083A2000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_korean.dll.0.dr
Source:	Binary string: c:\pl\output\pl_rsrc_polish.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008574000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_polish.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\LogViewer.pdb source: LogViewer.exe.0.dr
Source:	Binary string: c:\pl\output\pl_rsrc_ptbr.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008748000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_ptbr.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_french.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007B26000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_french.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_bulgarian.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000072C5000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_bulgarian.dll.0.dr
Source:	Binary string: c:\pl\output\testlasso.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007116000.00000004.00000020.00020000.00000000.sdmp, testlasso.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_japanese.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000081B6000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_japanese.dll.0.dr
Source:	Binary string: c:\pl\output\PostUpdate.pdb source: PostUpdate.exe, 00000001.00000002.1688982027.00007FF6472C1000.00000002.00000001.01000000.00000009.sdmp, PostUpdate.exe, 00000001.00000000.1652854987.00007FF6472C1000.00000002.00000001.01000000.00000009.sdmp, PostUpdate.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_german.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007D10000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_german.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_chinese_traditional.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007661000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_chinese_traditional.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\QuickUpgrade.pdb$ source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, QuickUpgrade.exe.1.dr, QuickUpgrade.exe.Replacement.0.dr
Source:	Binary string: c:\pl\output\InstallHelper.pdbi source: InstallHelper.exe.0.dr
Source:	Binary string: c:\pl\output\PostUpdate.pdbZ source: PostUpdate.exe, 00000001.00000002.1688982027.00007FF6472C1000.00000002.00000001.01000000.00000009.sdmp, PostUpdate.exe, 00000001.00000000.1652854987.00007FF6472C1000.00000002.00000001.01000000.00000009.sdmp, PostUpdate.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\Insights.pdb source: Insights.exe.0.dr
Source:	Binary string: c:\pl\output\pl_rsrc_finnish.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000079F7000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_finnish.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_slovenian.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006B28000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_slovenian.dll.0.dr
Source:	Binary string: c:\pl\output\pl_rsrc_italian.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007F06000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_italian.dll.0.dr
Source:	Binary string: c:\pl\output\vistammsc.exe.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000726E000.00000004.00000020.00020000.00000000.sdmp, vistammsc.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_german.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007D10000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_german.dll.0.dr
Source:	Binary string: c:\pl\output\CPUEater.pdb` source: CPUEater.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\Insights.pdbd source: Insights.exe.0.dr
Source:	Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe
Source:	Binary string: c:\pl\output\pl_rsrc_russian.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000887A000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_russian.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_chinese.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000073BC000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_chinese.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\LogViewer.pdbJ source: LogViewer.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_french.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007B26000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_french.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_chinese.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000073BC000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_chinese.dll.0.dr
Source:	Binary string: c:\pl\output\ProcessLassoLauncher.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000070AC000.00000004.00000020.00020000.00000000.sdmp, ProcessLassoLauncher.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_slovenian.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006B28000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_slovenian.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\QuickUpgrade.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, QuickUpgrade.exe.1.dr, QuickUpgrade.exe.Replacement.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_bulgarian.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000072C5000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_bulgarian.dll.0.dr
Source:	Binary string: c:\pl\output\ProcessGovernor.pdbGCTL source: ProcessGovernor.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\x64\Release\bitsumsessionagent.pdb source: bitsumsessionagent.exe, 00000002.00000002.2879821342.00007FF7E99EB000.00000002.00000001.01000000.0000000C.sdmp, bitsumsessionagent.exe, 00000002.00000000.1663989043.00007FF7E99EB000.00000002.00000001.01000000.0000000C.sdmp, bitsumsessionagent.exe, 00000003.00000002.1688973134.00007FF7E99EB000.00000002.00000001.01000000.0000000C.sdmp, bitsumsessionagent.exe, 00000003.00000000.1680227560.00007FF7E99EB000.00000002.00000001.01000000.0000000C.sdmp, bitsumsessionagent.exe.0.dr
Source:	Binary string: c:\pl\output\pl_rsrc_finnish.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000079F7000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_finnish.dll.0.dr
Source:	Binary string: c:\pl\output\pl_rsrc_italian.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007F06000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_italian.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_chinese_traditional.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007661000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_chinese_traditional.dll.0.dr
Source:	Binary string: c:\pl\output\CPUEater.pdb source: CPUEater.exe.0.dr
Source:	Binary string: c:\pl\output\ProcessGovernor.pdb source: ProcessGovernor.exe.0.dr
Source:	Binary string: c:\pl\output\ThreadRacer.exe.pdbS source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007116000.00000004.00000020.00020000.00000000.sdmp, ThreadRacer.exe.0.dr
Source:	Binary string: c:\pl\output\pl_rsrc_russian.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000887A000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_russian.dll.0.dr
Source:	Binary string: c:\pl\output\InstallHelper.pdb source: InstallHelper.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_japanese.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000081B6000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_japanese.dll.0.dr
Source:	Binary string: c:\pl\output\vistammsc.exe.pdbY source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000726E000.00000004.00000020.00020000.00000000.sdmp, vistammsc.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\pl_rsrc_spanish.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006D11000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_spanish.dll.0.dr
Source:	Binary string: c:\pl\output\ThreadRacer.exe.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007116000.00000004.00000020.00020000.00000000.sdmp, ThreadRacer.exe.0.dr
Source:	Binary string: c:\pl\output\pl_rsrc_ptbr.pdbGCTL source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008748000.00000004.00000020.00020000.00000000.sdmp, pl_rsrc_ptbr.dll.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\ProcessLasso.pdb source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp, ProcessLasso.exe, 00000004.00000000.1681252064.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe, 00000004.00000002.2882313735.00007FF7E6D2F000.00000002.00000001.01000000.0000000D.sdmp, ProcessLasso.exe.0.dr
Source:	Binary string: C:\dev\projs\ProcessSupervisor\output\plActivate.pdb source: plActivate.exe.0.dr

Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\PostUpdate.exe

1_2_00007FF6472974D0

File is packed with WinRar

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

File created: C:\Users\user\Desktop\__tmp_rar_sfx_access_check_4167031

Jump to behavior

PE file contains an invalid checksum

Source: plActivate.exe.0.dr

Static PE information: real checksum: 0x369a0 should be: 0x3699f

PE file contains sections with non-standard names

Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Static PE information: section name: .didat
Source: ProcessLasso.exe.0.dr	Static PE information: section name: _RDATA
Source: ProcessLassoLauncher.exe.0.dr	Static PE information: section name: _RDATA
Source: testlasso.exe.0.dr	Static PE information: section name: _RDATA
Source: ThreadRacer.exe.0.dr	Static PE information: section name: _RDATA
Source: TweakScheduler.exe.0.dr	Static PE information: section name: memcpy_
Source: TweakScheduler.exe.0.dr	Static PE information: section name: _RDATA
Source: vistammsc.exe.0.dr	Static PE information: section name: _RDATA
Source: bitsumsessionagent.exe.0.dr	Static PE information: section name: _RDATA
Source: CPUEater.exe.0.dr	Static PE information: section name: _RDATA
Source: Insights.exe.0.dr	Static PE information: section name: _RDATA
Source: InstallHelper.exe.0.dr	Static PE information: section name: _RDATA
Source: LogViewer.exe.0.dr	Static PE information: section name: _RDATA
Source: plActivate.exe.0.dr	Static PE information: section name: _RDATA
Source: PostUpdate.exe.0.dr	Static PE information: section name: _RDATA
Source: ProcessGovernor.exe.0.dr	Static PE information: section name: _RDATA
Source: QuickUpgrade.exe.Replacement.0.dr	Static PE information: section name: _RDATA
Source: QuickUpgrade.exe.1.dr	Static PE information: section name: _RDATA

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_004707F0 push ecx; ret	0_2_00470803
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_0046FEFC push eax; ret	0_2_0046FF1A
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472BBD8C push rax; ret	1_2_00007FF6472BBD8D
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C378C0 pushfq ; retf	4_2_00007FF7E6C37AFD
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C83B8A push rax; ret	4_2_00007FF7E6C83B8D

Persistence and Installation Behavior

Drops PE files

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\testlasso.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\pl_rsrc_slovenian.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\pl_rsrc_italian.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\pl_rsrc_english.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\CPUEater.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\pl_rsrc_ptbr.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\TweakScheduler.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\vistammsc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\QuickUpgrade.exe.Replacement	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\ProcessLasso.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\ProcessGovernor.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\pl_rsrc_japanese.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\Insights.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\bitsumsessionagent.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\PostUpdate.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\pl_rsrc_korean.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\pl_rsrc_bulgarian.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\ThreadRacer.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\ProcessLassoLauncher.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\pl_rsrc_french.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\InstallHelper.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\pl_rsrc_polish.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\LogViewer.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\plActivate.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\pl_rsrc_russian.dll	Jump to dropped file
Source: C:\Users\user\Desktop\PostUpdate.exe	File created: C:\Users\user\Desktop\QuickUpgrade.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\pl_rsrc_chinese.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\pl_rsrc_spanish.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\pl_rsrc_chinese_traditional.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\pl_rsrc_finnish.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	File created: C:\Users\user\Desktop\pl_rsrc_german.dll	Jump to dropped file

Drops files with a non-matching file extension (content does not match file extension)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

File created: C:\Users\user\Desktop\QuickUpgrade.exe.Replacement

Jump to dropped file

Boot Survival

Source: C:\Users\user\Desktop\PostUpdate.exe

Code function: 1_2_00007FF647296FC0 OpenSCManagerW,OpenServiceW,QueryServiceStatus,StartServiceW,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,

1_2_00007FF647296FC0

Hooking and other Techniques for Hiding and Protection

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Source: C:\Users\user\Desktop\ProcessLasso.exe

Code function: 4_2_00007FF7E6C5DEC0 IsWindowVisible,ShowWindow,IsIconic,ShowWindow,SendMessageW,ShowWindow,SetForegroundWindow,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,RegCloseKey,ShowWindow,

4_2_00007FF7E6C5DEC0

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Users\user\Desktop\PostUpdate.exe

1_2_00007FF6472974D0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)

Source: C:\Users\user\Desktop\ProcessLasso.exe

Code function: 4_2_00007FF7E6CCAA20 CreateToolhelp32Snapshot,Thread32First,GetCurrentProcessId,GetCurrentThreadId,OpenThread,SuspendThread,CloseHandle,Thread32Next,CloseHandle,

4_2_00007FF7E6CCAA20

Contains functionality to enumerate running services

Source: C:\Users\user\Desktop\ProcessLasso.exe

Code function: OpenSCManagerW,EnumServicesStatusExW,GetLastError,EnumServicesStatusExW,CloseServiceHandle,std::_Throw_Cpp_error,std::_Throw_Cpp_error,std::_Throw_Cpp_error,std::_Throw_Cpp_error,

4_2_00007FF7E6CBBE70

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\pl_rsrc_slovenian.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\testlasso.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\pl_rsrc_italian.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\CPUEater.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\pl_rsrc_ptbr.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\TweakScheduler.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\vistammsc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\QuickUpgrade.exe.Replacement	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\ProcessGovernor.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\pl_rsrc_japanese.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Insights.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\pl_rsrc_korean.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\pl_rsrc_bulgarian.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\ThreadRacer.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\ProcessLassoLauncher.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\pl_rsrc_french.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\InstallHelper.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\pl_rsrc_polish.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\LogViewer.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\plActivate.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\pl_rsrc_russian.dll	Jump to dropped file
Source: C:\Users\user\Desktop\PostUpdate.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\QuickUpgrade.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\pl_rsrc_chinese.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\pl_rsrc_spanish.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\pl_rsrc_chinese_traditional.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\pl_rsrc_finnish.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\pl_rsrc_german.dll	Jump to dropped file

Found evasive API chain (date check)

Source: C:\Users\user\Desktop\ProcessLasso.exe

Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes

Found large amount of non-executed APIs

Source: C:\Users\user\Desktop\ProcessLasso.exe

API coverage: 2.7 %

Uses the system / local time for branch decision (may execute only at specific dates)

Source: C:\Users\user\Desktop\ProcessLasso.exe

Code function: 4_2_00007FF7E6C15275 GetSystemTimeAsFileTime followed by cmp: cmp byte ptr [00007ff7e6d71c25h], 00000001h and CTI: jne 00007FF7E6C1591Dh

4_2_00007FF7E6C15275

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_0045BA94 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,	0_2_0045BA94
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_0046D420 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,	0_2_0046D420
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472B6A84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	1_2_00007FF6472B6A84
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99E2048 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	2_2_00007FF7E99E2048
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CA21A0 DeleteFileW,DeleteFileW,RemoveDirectoryW,GetFileAttributesW,LoadStringW,LoadLibraryW,GetModuleHandleW,LoadStringW,MessageBoxW,FindFirstFileW,DeleteFileW,FindNextFileW,RemoveDirectoryW,GetFileAttributesW,	4_2_00007FF7E6CA21A0
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CA1C60 FindFirstFileW,GetFileAttributesW,FindNextFileW,_invalid_parameter_noinfo,	4_2_00007FF7E6CA1C60

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Code function: 0_2_0046F82F VirtualQuery,GetSystemInfo,

0_2_0046F82F

Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmwareuser.exeWa
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000002.1656846047.0000000002572000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmtoolsd.exe?a
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000002.1656846047.0000000002572000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmware-vmx.exe

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\PostUpdate.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\ProcessLasso.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\ProcessLasso.exe	API call chain: ExitProcess graph end node

Anti Debugging

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Code function: 0_2_00470A0A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00470A0A

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Source: C:\Users\user\Desktop\PostUpdate.exe

Code function: 1_2_00007FF64729E5A8 InitializeCriticalSectionEx,GetLastError,IsDebuggerPresent,OutputDebugStringW,

1_2_00007FF64729E5A8

Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)

Source: C:\Users\user\Desktop\ProcessLasso.exe

Code function: 4_2_00007FF7E6CCAA20 CreateToolhelp32Snapshot,Thread32First,GetCurrentProcessId,GetCurrentThreadId,OpenThread,SuspendThread,CloseHandle,Thread32Next,CloseHandle,

4_2_00007FF7E6CCAA20

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\PostUpdate.exe

1_2_00007FF6472974D0

Contains functionality to read the PEB

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Code function: 0_2_004791B0 mov eax, dword ptr fs:[00000030h]

0_2_004791B0

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Code function: 0_2_0047D1F0 GetProcessHeap,

0_2_0047D1F0

Enables debug privileges

Source: C:\Users\user\Desktop\ProcessLasso.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_00470A0A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00470A0A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_00470B9D SetUnhandledExceptionFilter,	0_2_00470B9D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_00470D8A SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00470D8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: 0_2_00474FEF IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00474FEF
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64729F670 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_00007FF64729F670
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF6472AA01C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_00007FF6472AA01C
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64729FD00 SetUnhandledExceptionFilter,	1_2_00007FF64729FD00
Source: C:\Users\user\Desktop\PostUpdate.exe	Code function: 1_2_00007FF64729FB1C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_00007FF64729FB1C
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99D4184 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_00007FF7E99D4184
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99D4368 SetUnhandledExceptionFilter,	2_2_00007FF7E99D4368
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99D3E40 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_00007FF7E99D3E40
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	Code function: 2_2_00007FF7E99DDD18 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_00007FF7E99DDD18
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6C5FB40 GetTickCount64,GetSystemInfo,GetVersionExW,MessageBoxW,SetUnhandledExceptionFilter,InitializeCriticalSection,InitializeCriticalSection,CreateEventW,CreateEventW,CoInitializeEx,CoInitializeSecurity,InitCommonControlsEx,#17,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,OpenEventW,SetEvent,CloseHandle,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,RegCloseKey,GetSystemInfo,RegCreateKeyExW,RegSetValueExW,RegCloseKey,RegCreateKeyExW,RegSetValueExW,RegCloseKey,RegCreateKeyExW,RegSetValueExW,RegCloseKey,RegCreateKeyExW,RegSetValueExW,RegCloseKey,RegCreateKeyExW,RegSetValueExW,RegCloseKey,CreateEventW,SetEvent,CloseHandle,OpenProcess,WaitForSingleObject,CloseHandle,Sleep,EnterCriticalSection,LeaveCriticalSection,EnterCriticalSection,LeaveCriticalSection,EnterCriticalSection,GetCurrentDirectoryW,LeaveCriticalSection,EnterCriticalSection,GetCurrentDirectoryW,LeaveCriticalSection,LeaveCriticalSection,LoadStringW,LoadLibraryW,GetModuleHandleW,LoadStringW,MessageBoxW,OpenProcess,Sleep,WaitForSingleObject,CloseHandle,FindWindowW,FindWindowW,PostMessageW,LoadStringW,LoadLibraryW,GetModuleHandleW,LoadStringW,MessageBoxW,ShellExecuteW,LoadStringW,LoadLibraryW,GetModuleHandleW,LoadStringW,GdiplusStartup,CreateEventW,LoadLibraryW,LoadStringW,LoadLibraryW,GetModuleHandleW,LoadStringW,MessageBoxW,SetProcessShutdownParameters,GetCommandLineW,CreateThread,WaitForSingleObject,DialogBoxParamW,DialogBoxParamW,DialogBoxParamW,DialogBoxParamW,DialogBoxParamW,MessageBoxW,ExitProcess,CreateThread,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,DialogBoxParamW,LoadStringW,LoadLibraryW,GetModuleHandleW,LoadStringW,GetModuleHandleW,LoadAcceleratorsW,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,GetActiveProcessorCount,GetModuleHandleW,LoadIconW,CreateEventW,SetEvent,WaitForSingleObject,TerminateThread,ResetEvent,CreateThread,CreateThread,CreateThread,CreateThread,OpenMutexW,OpenMutexW,CloseHandle,Sleep,CreateThread,CreateThread,CreateThread,GetFileAttributesW,PostMessageW,GetMessageW,TranslateAcceleratorW,TranslateMessage,DispatchMessageW,GetMessageW,CloseHandle,CloseHandle,SetEvent,Shell_NotifyIconW,Sleep,CreateEventW,SetEvent,WaitForSingleObject,TerminateThread,GdiplusShutdown,DeleteCriticalSection,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,DeleteCriticalSection,SetEvent,WaitForSingleObject,TerminateThread,RegCloseKey,LoadStringW,LoadLibraryW,GetModuleHandleW,LoadStringW,	4_2_00007FF7E6C5FB40
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6CF4E00 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	4_2_00007FF7E6CF4E00
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: 4_2_00007FF7E6D00A98 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_00007FF7E6D00A98

HIPS / PFW / Operating System Protection Evasion

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Users\user\Desktop\bitsumsessionagent.exe	NtQueryInformationProcess: Indirect: 0x7FF7E99D1EA8	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	NtQuerySystemInformation: Indirect: 0x7FF7E6CC3E81	Jump to behavior
Source: C:\Users\user\Desktop\bitsumsessionagent.exe	NtQueryInformationProcess: Indirect: 0x7FF7E99D23A9	Jump to behavior

Contains functionality to launch a program with higher privileges

Source: C:\Users\user\Desktop\ProcessLasso.exe

Code function: 4_2_00007FF7E6C70BB0 GetModuleHandleW,GetModuleFileNameW,ShellExecuteExW,GetStartupInfoW,CreateProcessW,

4_2_00007FF7E6C70BB0

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Process created: C:\Users\user\Desktop\PostUpdate.exe "C:\Users\user\Desktop\PostUpdate.exe"	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1976,i,556397286523747728,13715138569827133155,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitsum.com/get-lasso-pro/?discount=BITSUM25OFF&inproductcoupon=1	Jump to behavior

Source: C:\Users\user\Desktop\ProcessLasso.exe

4_2_00007FF7E6C168E0

Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, TweakScheduler.exe.0.dr

Language, Device and Operating System Detection

Contains functionality to query CPU information (cpuid)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Code function: 0_2_00470826 cpuid

0_2_00470826

Contains functionality to query locales information (e.g. system language)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe	Code function: GetLocaleInfoW,GetNumberFormatW,	0_2_0046C093
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: EnumSystemLocalesW,	4_2_00007FF7E6D156C8
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	4_2_00007FF7E6D1D364
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: GetLocaleInfoEx,	4_2_00007FF7E6CF4504
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	4_2_00007FF7E6D1D188
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: EnumSystemLocalesW,	4_2_00007FF7E6D1CD4C
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: EnumSystemLocalesW,	4_2_00007FF7E6D1CC7C
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: GetLocaleInfoW,	4_2_00007FF7E6D15C64
Source: C:\Users\user\Desktop\ProcessLasso.exe	Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,	4_2_00007FF7E6D1C930

Queries information about the installed CPU (vendor, model number etc)

Source: C:\Users\user\Desktop\PostUpdate.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\Desktop\PostUpdate.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\Desktop\ProcessLasso.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

0_2_0046F05C

Source: C:\Users\user\Desktop\ProcessLasso.exe

4_2_00007FF7E6C168E0

Source: C:\Users\user\Desktop\ProcessLasso.exe

Code function: 4_2_00007FF7E6D19140 _get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,

4_2_00007FF7E6D19140

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Code function: 0_2_0045C365 GetVersionExW,

0_2_0045C365

Lowering of HIPS / PFW / Operating System Security Settings

AV process strings found (often used to terminate AV products)

Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: fsgk32st.exe
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: cmdagent.exe
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: cfp.exe
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: msmpeng.exe
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: avgcsrvx.exe
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: avkservice.exe
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: mcshield.exe
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: rtvscan.exe
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: fsav32.exe
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ashwebsv.exe
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: fsdfwd.exe
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vsmon.exe
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ashserv.exe
Source: ProcessLasso.exe, 00000004.00000002.2879653332.000002A8B2697000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ashmaisv.exe

ID:	1436481
Product:	CloudBasic
Start time:	14:32:05
Start date:	05.05.2024
Sample:	SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	99f74d2572735bbacb8251a73e9cb312
SHA1:	5a43d2e4314e32572d6399ec61175f42af567822
SHA256:	b68bf709ac86ed32664e0e2ddd27da386281480979860e95240ced16f50fd926
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007116000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameprocesslassolauncher.exe< vs SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007116000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenametestlasso.exe< vs SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000083A2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamepl_rsrc_english.dll< vs SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007B26000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamepl_rsrc_english.dll< vs SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006D11000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamepl_rsrc_english.dll< vs SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006E42000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamepl_rsrc_english.dll< vs SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007661000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamepl_rsrc_english.dll< vs SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000070AC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameprocesslasso.exe< vs SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007829000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamepl_rsrc_english.dll< vs SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000073BC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamepl_rsrc_english.dll< vs SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007D10000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamepl_rsrc_english.dll< vs SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000007F06000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamepl_rsrc_english.dll< vs SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000079F7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamepl_rsrc_english.dll< vs SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000081B6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamepl_rsrc_english.dll< vs SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008574000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamepl_rsrc_english.dll< vs SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000071D5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamethreadracer.exe8 vs SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000887A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamepl_rsrc_english.dll< vs SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000008748000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamepl_rsrc_english.dll< vs SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamequickupgrade.exe< vs SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.00000000072C5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevistammsc.exep( vs SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.0000000006B28000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamepl_rsrc_english.dll< vs SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe
Source: SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe, 00000000.00000003.1644350315.000000000726E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenametweaksch.exe> vs SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Windows Analysis Report SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe

Overview

General Information

Detection

Compliance

Signatures

Classification

Signatures

Privilege Escalation

Phishing

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
SecuriteInfo.com.Trojan.MulDrop26.56882.6817.6147.exe