d2d32415f11504b7540a0436cd5add5b7555a95500de5325840fe81f65c311d8

Analysis

max time kernel
148s
max time network
131s
platform
windows7_x64
resource
win7-en-20211104
submitted
07-11-2021 03:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92C06CB5F2776D243BDE4630D3F5847447C97AACC0C0E7E86F5CFDAC9C2A4754.exe
Size

24.6MB
MD5

4db3483126859b7cc0e9c60ec951fe9a
SHA1

2970fd5580793a5f979261d5fe1120a12b9ce09d
SHA256

92c06cb5f2776d243bde4630d3f5847447c97aacc0c0e7e86f5cfdac9c2a4754
SHA512

698aad9de6b38d1393e411c57388617a6da25efc55dd3d98d943adfa10433ecff7b8317a6e391b76e722bc2b4ea86f494d79fa0c97745b14fb95d934d026ac35

Score

8^/10

discovery link pdf

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

PanoramaStudio3Pro Portable.exePanoramaStudio3Pro.exe

pid process

364 PanoramaStudio3Pro Portable.exe
676 PanoramaStudio3Pro.exe

pid	process
364	PanoramaStudio3Pro Portable.exe
676	PanoramaStudio3Pro.exe

Loads dropped DLL 22 IoCs

Processes:

92C06CB5F2776D243BDE4630D3F5847447C97AACC0C0E7E86F5CFDAC9C2A4754.exePanoramaStudio3Pro Portable.exePanoramaStudio3Pro.exe

pid	process
660	92C06CB5F2776D243BDE4630D3F5847447C97AACC0C0E7E86F5CFDAC9C2A4754.exe
364	PanoramaStudio3Pro Portable.exe
676	PanoramaStudio3Pro.exe
676	PanoramaStudio3Pro.exe
676	PanoramaStudio3Pro.exe
676	PanoramaStudio3Pro.exe
676	PanoramaStudio3Pro.exe
676	PanoramaStudio3Pro.exe
676	PanoramaStudio3Pro.exe
676	PanoramaStudio3Pro.exe
676	PanoramaStudio3Pro.exe
676	PanoramaStudio3Pro.exe
676	PanoramaStudio3Pro.exe
676	PanoramaStudio3Pro.exe
676	PanoramaStudio3Pro.exe
676	PanoramaStudio3Pro.exe
676	PanoramaStudio3Pro.exe
676	PanoramaStudio3Pro.exe
676	PanoramaStudio3Pro.exe
676	PanoramaStudio3Pro.exe
676	PanoramaStudio3Pro.exe
676	PanoramaStudio3Pro.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

PanoramaStudio3Pro.exePanoramaStudio3Pro Portable.exe92C06CB5F2776D243BDE4630D3F5847447C97AACC0C0E7E86F5CFDAC9C2A4754.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\temp\@PROGRAMFILES@\PanoramaStudio3Pro\msvcp140_1.dll	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\meta\@PROGRAMFILES@\PanoramaStudio3Pro\Qt5NetworkR.dll.__meta__	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\meta\@APPDATA@\tshsoft\PanoramaStudio3Pro\PanoramaStudio.INI.__meta__	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\temp\@PROGRAMFILES@\PanoramaStudio3Pro\io\rawdll.pio	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\meta\@PROGRAMFILES@\PanoramaStudio3Pro\vcruntime140.dll.__meta__	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\temp\@PROGRAMFILES@\PanoramaStudio3Pro\Qt5GuiR.dll	PanoramaStudio3Pro.exe
File created	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\temp\@PROGRAMFILES@\PanoramaStudio3Pro\msvcp140_1.dll	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\temp\@PROGRAMFILES@\PanoramaStudio3Pro\Qt5NetworkR.dll	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\meta\@PROGRAMFILES@\PanoramaStudio3Pro\vcomp140.dll.__meta__	PanoramaStudio3Pro.exe
File created	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\meta\@PROGRAMFILES@\PanoramaStudio3Pro\Qt5GuiR.dll.__meta__.__tmp__	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\meta\@PROGRAMFILES@\PanoramaStudio3Pro\Qt5PrintSupportR.dll.__meta__.__tmp__	PanoramaStudio3Pro.exe
File created	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\meta\@PROGRAMFILES@\PanoramaStudio3Pro\vcomp140.dll.__meta__.__tmp__	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\modified\@APPDATA@\tshsoft\PanoramaStudio3Pro\PanoramaStudio.INI	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\meta\@PROGRAMFILES@\PanoramaStudio3Pro\filters.pfx.__meta__	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\meta\@PROGRAMFILES@\PanoramaStudio3Pro\papplet.dll.__meta__	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\temp\@PROGRAMFILES@\PanoramaStudio3Pro\vcomp140.dll	PanoramaStudio3Pro.exe
File created	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\meta\@PROGRAMFILES@\PanoramaStudio3Pro\filters.pfx.__meta__.__tmp__	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\roaming\xregistry.bin.__tmp__	PanoramaStudio3Pro Portable.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\modified\@PROGRAMFILES@\PanoramaStudio3Pro\printsupport\windowsprintersupport.dll	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\meta\@PROGRAMFILES@\PanoramaStudio3Pro\printsupport\windowsprintersupport.dll.__meta__.__tmp__	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\modified\@PROGRAMFILES@\PanoramaStudio3Pro\io\rawdll.pio	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\meta\@PROGRAMFILES@\PanoramaStudio3Pro\filters.pfx.__meta__.__tmp__	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\meta\@PROGRAMFILES@\PanoramaStudio3Pro\printsupport\windowsprintersupport.dll.__meta__	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\temp\@APPDATA@\tshsoft\PanoramaStudio3Pro\PanoramaStudio.INI	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\meta\@PROGRAMFILES@\PanoramaStudio3Pro\io\rawdll.pio.__meta__.__tmp__	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\meta\@PROGRAMFILES@\PanoramaStudio3Pro\vcruntime140_1.dll.__meta__.__tmp__	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\modified\@PROGRAMFILES@\PanoramaStudio3Pro\pascr.dll	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\temp\@PROGRAMFILES@\PanoramaStudio3Pro\Qt5PrintSupportR.dll	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\meta\@PROGRAMFILES@\PanoramaStudio3Pro\vcomp140.dll.__meta__.__tmp__	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\modified\@PROGRAMFILES@\PanoramaStudio3Pro\io\common.pio	PanoramaStudio3Pro.exe
File created	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\meta\@PROGRAMFILES@\PanoramaStudio3Pro\io\common.pio.__meta__.__tmp__	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\xregistry.bin.__tmp__	PanoramaStudio3Pro Portable.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\meta\@PROGRAMFILES@\PanoramaStudio3Pro\Qt5CoreR.dll.__meta__	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\modified\@PROGRAMFILES@\PanoramaStudio3Pro\papplet.dll	PanoramaStudio3Pro.exe
File created	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\temp\@PROGRAMFILES@\PanoramaStudio3Pro\Qt5WidgetsR.dll	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\modified\@PROGRAMFILES@\PanoramaStudio3Pro\vcruntime140.dll	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\meta\@PROGRAMFILES@\PanoramaStudio3Pro\Qt5NetworkR.dll.__meta__.__tmp__	PanoramaStudio3Pro.exe
File created	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\meta\@PROGRAMFILES@\PanoramaStudio3Pro\styles\qwindowsvistastyle.dll.__meta__.__tmp__	PanoramaStudio3Pro.exe
File created	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\temp\@APPDATA@\tshsoft\PanoramaStudio3Pro\PanoramaStudio.INI	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\xsandbox.bin	PanoramaStudio3Pro Portable.exe
File created	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\xsandbox.bin.__tmp__	PanoramaStudio3Pro Portable.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\meta\@PROGRAMFILES@\PanoramaStudio3Pro\msvcp140.dll.__meta__	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\temp\@PROGRAMFILES@\PanoramaStudio3Pro\vcruntime140_1.dll	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\meta\@PROGRAMFILES@\PanoramaStudio3Pro\Qt5PrintSupportR.dll.__meta__	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\temp\@PROGRAMFILES@\PanoramaStudio3Pro\io\common.pio	PanoramaStudio3Pro.exe
File created	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\Uninstall.ini	92C06CB5F2776D243BDE4630D3F5847447C97AACC0C0E7E86F5CFDAC9C2A4754.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\xsandbox.bin.__tmp__	PanoramaStudio3Pro Portable.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\temp\@PROGRAMFILES@\PanoramaStudio3Pro\msvcp140.dll	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\meta\@PROGRAMFILES@\PanoramaStudio3Pro\Qt5WidgetsR.dll.__meta__	PanoramaStudio3Pro.exe
File created	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\meta\@PROGRAMFILES@\PanoramaStudio3Pro\winmig-28.dll.__meta__.__tmp__	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\meta\@PROGRAMFILES@\PanoramaStudio3Pro\io\common.pio.__meta__	PanoramaStudio3Pro.exe
File created	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\temp\@PROGRAMFILES@\PanoramaStudio3Pro\filters.pfx	PanoramaStudio3Pro.exe
File created	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\temp\@PROGRAMFILES@\PanoramaStudio3Pro\PanoramaStudio3Pro.exe	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\meta\@PROGRAMFILES@\PanoramaStudio3Pro\msvcp140_1.dll.__meta__.__tmp__	PanoramaStudio3Pro.exe
File created	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\temp\@PROGRAMFILES@\PanoramaStudio3Pro\vcomp140.dll	PanoramaStudio3Pro.exe
File created	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\temp\@PROGRAMFILES@\PanoramaStudio3Pro\winmig-28.dll	PanoramaStudio3Pro.exe
File created	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\temp\@PROGRAMFILES@\PanoramaStudio3Pro\platforms\qwindows.dll	PanoramaStudio3Pro.exe
File created	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\meta\@PROGRAMFILES@\PanoramaStudio3Pro\printsupport\windowsprintersupport.dll.__meta__.__tmp__	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\temp\@PROGRAMFILES@\PanoramaStudio3Pro\vcruntime140.dll	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\meta\@PROGRAMFILES@\PanoramaStudio3Pro\vcruntime140.dll.__meta__.__tmp__	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\modified\@PROGRAMFILES@\PanoramaStudio3Pro\platforms\qwindows.dll	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\temp\@PROGRAMFILES@\PanoramaStudio3Pro\styles\qwindowsvistastyle.dll	PanoramaStudio3Pro.exe
File created	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\temp\@PROGRAMFILES@\PanoramaStudio3Pro\styles\qwindowsvistastyle.dll	PanoramaStudio3Pro.exe
File opened for modification	C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\stubexe\0x17F829FBD5373F10\PanoramaStudio3Pro.exe.__tmp__	PanoramaStudio3Pro Portable.exe

HTTP links in PDF interactive object 3 IoCs

Detects HTTP links in interactive objects within PDF files.

pdf link

Processes:

resource	yara_rule
\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\PanoramaStudio3Pro Portable.exe	pdf_with_link_action
C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\PanoramaStudio3Pro Portable.exe	pdf_with_link_action
C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\PanoramaStudio3Pro Portable.exe	pdf_with_link_action

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

PanoramaStudio3Pro.exe

pid process

676 PanoramaStudio3Pro.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

PanoramaStudio3Pro.exe

pid process

676 PanoramaStudio3Pro.exe
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

PanoramaStudio3Pro.exe

pid process

676 PanoramaStudio3Pro.exe
676 PanoramaStudio3Pro.exe
676 PanoramaStudio3Pro.exe
Suspicious use of UnmapMainImage 1 IoCs

Processes:

PanoramaStudio3Pro.exe

pid process

676 PanoramaStudio3Pro.exe

pid	process
676	PanoramaStudio3Pro.exe

pid	process
676	PanoramaStudio3Pro.exe

pid	process
676	PanoramaStudio3Pro.exe
676	PanoramaStudio3Pro.exe
676	PanoramaStudio3Pro.exe

pid	process
676	PanoramaStudio3Pro.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

92C06CB5F2776D243BDE4630D3F5847447C97AACC0C0E7E86F5CFDAC9C2A4754.exePanoramaStudio3Pro Portable.exe

description	pid	process	target process
PID 660 wrote to memory of 364	660	92C06CB5F2776D243BDE4630D3F5847447C97AACC0C0E7E86F5CFDAC9C2A4754.exe	PanoramaStudio3Pro Portable.exe
PID 660 wrote to memory of 364	660	92C06CB5F2776D243BDE4630D3F5847447C97AACC0C0E7E86F5CFDAC9C2A4754.exe	PanoramaStudio3Pro Portable.exe
PID 660 wrote to memory of 364	660	92C06CB5F2776D243BDE4630D3F5847447C97AACC0C0E7E86F5CFDAC9C2A4754.exe	PanoramaStudio3Pro Portable.exe
PID 660 wrote to memory of 364	660	92C06CB5F2776D243BDE4630D3F5847447C97AACC0C0E7E86F5CFDAC9C2A4754.exe	PanoramaStudio3Pro Portable.exe
PID 364 wrote to memory of 676	364	PanoramaStudio3Pro Portable.exe	PanoramaStudio3Pro.exe
PID 364 wrote to memory of 676	364	PanoramaStudio3Pro Portable.exe	PanoramaStudio3Pro.exe
PID 364 wrote to memory of 676	364	PanoramaStudio3Pro Portable.exe	PanoramaStudio3Pro.exe
PID 364 wrote to memory of 676	364	PanoramaStudio3Pro Portable.exe	PanoramaStudio3Pro.exe
PID 364 wrote to memory of 676	364	PanoramaStudio3Pro Portable.exe	PanoramaStudio3Pro.exe

C:\Users\Admin\AppData\Local\Temp\92C06CB5F2776D243BDE4630D3F5847447C97AACC0C0E7E86F5CFDAC9C2A4754.exe
"C:\Users\Admin\AppData\Local\Temp\92C06CB5F2776D243BDE4630D3F5847447C97AACC0C0E7E86F5CFDAC9C2A4754.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:660

C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\PanoramaStudio3Pro Portable.exe
"C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\PanoramaStudio3Pro Portable.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:364

C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\stubexe\0x17F829FBD5373F10\PanoramaStudio3Pro.exe
"C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\stubexe\0x17F829FBD5373F10\PanoramaStudio3Pro.exe" /864A627C-C6B2-464A-AA13-25D62F282BD8
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of UnmapMainImage
PID:676

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\stubexe\0x17F829FBD5373F10\PanoramaStudio3Pro.exe
MD5
9c34c959a195c0d5b36ff9263bc9a978

SHA1
25170fa0b92893adde10f33a66674e56cd818386

SHA256
8362a0186116d479b1f65bc40f76bad3bfaf930e441496fdcbcb81161c204509

SHA512
6ead7bc766ab7a3829ced799d911b6f4653728676a30cfc426bb7e091417bfac3e7d52b4d92e80a1b739d002a657a786fdec1a0f50e993a1f8147b56c86f1ca2

Download Submit
C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\xsandbox.bin
MD5
ec3d19e8e9b05d025cb56c2a98ead8e7

SHA1
748532edeb86496c8efe5e2327501d89ec1f13df

SHA256
edb7be3ef6098a1e24d0c72bbc6f968dea773951a0dd07b63bad6d9009ae3bf4

SHA512
175fb8432472b6795bb5db0eba61bc7b57331720825df5b048f3086815ba844df4f7e83e42ff9e8fe5ab01700675a774cb916677953d6e0088ffbf1fa2775349

Download Submit
C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\PanoramaStudio3Pro Portable.exe
MD5
0073c379c6dbeb0524c3f9c0ff41b4a2

SHA1
939cef06d590f0eb08a1623f53e1b19e2c68fd76

SHA256
a9237af7de6d41a850627f94d1064c6246ea5d3c4cf424e080566f7c8863ead5

SHA512
71be06b0db974851c514ad5188851e58c2a22e8ad22bf9e50470dc1299597c07f8b71fe913331fc3ecc3b4e40520211c8a84933359cb841d563c4e5661c025c5

Download Submit
C:\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\PanoramaStudio3Pro Portable.exe
MD5
0073c379c6dbeb0524c3f9c0ff41b4a2

SHA1
939cef06d590f0eb08a1623f53e1b19e2c68fd76

SHA256
a9237af7de6d41a850627f94d1064c6246ea5d3c4cf424e080566f7c8863ead5

SHA512
71be06b0db974851c514ad5188851e58c2a22e8ad22bf9e50470dc1299597c07f8b71fe913331fc3ecc3b4e40520211c8a84933359cb841d563c4e5661c025c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0xD1A76BF391A60F28\sxs\manifests\PanoramaStudio3Pro.exe_0xC04D03093BCC03A6A7A994F3456D3281.1.manifest
MD5
52344902454ff136c92e71b8516da835

SHA1
b4a5206dcb9a68b4d366de3fb6ce6d79bf2c2c25

SHA256
4d49fa4af7da59b1706c8262352abbd02808cd630c7d0f8957d2dc8f77ef9e1a

SHA512
456b90c649a6c08788474074a9bc35196f358bbc037e2462a9f655290f4ebc78bcd4d1072e7978b87fff37e01c9ac6dda3fe111b22eacb81df51eaf1295e57c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0xD1A76BF391A60F28\sxs\manifests\Qt5CoreR.dll_0x69F8ADDB23B3462A32F1577CC907174A.2.manifest
MD5
73102579f0cc3777bdd0ba96bab8d6f4

SHA1
08512e731aed9cdfeebf2e8fdc24a35ea23e3477

SHA256
03c937a5aba7fd7eab8ae959606ea4598e474da06b7ec63701255e7325a9e435

SHA512
e3928e509d852ae8f62b6378f984013345ddff9f5073e77323703acf20ca44bebff1753f09e7343cd948559bcafe766edce38e767efc5e7e7a5fd42c37be2e13

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0xD1A76BF391A60F28\sxs\manifests\Qt5GuiR.dll_0xE97E0E5DBF789D311C34FD50F4D275FB.2.manifest
MD5
73102579f0cc3777bdd0ba96bab8d6f4

SHA1
08512e731aed9cdfeebf2e8fdc24a35ea23e3477

SHA256
03c937a5aba7fd7eab8ae959606ea4598e474da06b7ec63701255e7325a9e435

SHA512
e3928e509d852ae8f62b6378f984013345ddff9f5073e77323703acf20ca44bebff1753f09e7343cd948559bcafe766edce38e767efc5e7e7a5fd42c37be2e13

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0xD1A76BF391A60F28\sxs\manifests\Qt5NetworkR.dll_0xB1A94B7BCDC8619EFE714545D3DDC19C.2.manifest
MD5
73102579f0cc3777bdd0ba96bab8d6f4

SHA1
08512e731aed9cdfeebf2e8fdc24a35ea23e3477

SHA256
03c937a5aba7fd7eab8ae959606ea4598e474da06b7ec63701255e7325a9e435

SHA512
e3928e509d852ae8f62b6378f984013345ddff9f5073e77323703acf20ca44bebff1753f09e7343cd948559bcafe766edce38e767efc5e7e7a5fd42c37be2e13

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0xD1A76BF391A60F28\sxs\manifests\Qt5PrintSupportR.dll_0x99FE78B463C2DA5AFD8A138603354547.2.manifest
MD5
73102579f0cc3777bdd0ba96bab8d6f4

SHA1
08512e731aed9cdfeebf2e8fdc24a35ea23e3477

SHA256
03c937a5aba7fd7eab8ae959606ea4598e474da06b7ec63701255e7325a9e435

SHA512
e3928e509d852ae8f62b6378f984013345ddff9f5073e77323703acf20ca44bebff1753f09e7343cd948559bcafe766edce38e767efc5e7e7a5fd42c37be2e13

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0xD1A76BF391A60F28\sxs\manifests\Qt5WidgetsR.dll_0xA82C859DF454284A794E66B11161109C.2.manifest
MD5
73102579f0cc3777bdd0ba96bab8d6f4

SHA1
08512e731aed9cdfeebf2e8fdc24a35ea23e3477

SHA256
03c937a5aba7fd7eab8ae959606ea4598e474da06b7ec63701255e7325a9e435

SHA512
e3928e509d852ae8f62b6378f984013345ddff9f5073e77323703acf20ca44bebff1753f09e7343cd948559bcafe766edce38e767efc5e7e7a5fd42c37be2e13

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0xD1A76BF391A60F28\sxs\manifests\common.pio_0x475D3D3DA97A7EFEC70E8FA1AADAB81B.2.manifest
MD5
73102579f0cc3777bdd0ba96bab8d6f4

SHA1
08512e731aed9cdfeebf2e8fdc24a35ea23e3477

SHA256
03c937a5aba7fd7eab8ae959606ea4598e474da06b7ec63701255e7325a9e435

SHA512
e3928e509d852ae8f62b6378f984013345ddff9f5073e77323703acf20ca44bebff1753f09e7343cd948559bcafe766edce38e767efc5e7e7a5fd42c37be2e13

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0xD1A76BF391A60F28\sxs\manifests\filters.pfx_0x4E88B812DD5C2271ED2037C23222F290.2.manifest
MD5
73102579f0cc3777bdd0ba96bab8d6f4

SHA1
08512e731aed9cdfeebf2e8fdc24a35ea23e3477

SHA256
03c937a5aba7fd7eab8ae959606ea4598e474da06b7ec63701255e7325a9e435

SHA512
e3928e509d852ae8f62b6378f984013345ddff9f5073e77323703acf20ca44bebff1753f09e7343cd948559bcafe766edce38e767efc5e7e7a5fd42c37be2e13

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0xD1A76BF391A60F28\sxs\manifests\papplet.dll_0x27EB2A9F0978ACFBE78CA62679F640F9.2.manifest
MD5
73102579f0cc3777bdd0ba96bab8d6f4

SHA1
08512e731aed9cdfeebf2e8fdc24a35ea23e3477

SHA256
03c937a5aba7fd7eab8ae959606ea4598e474da06b7ec63701255e7325a9e435

SHA512
e3928e509d852ae8f62b6378f984013345ddff9f5073e77323703acf20ca44bebff1753f09e7343cd948559bcafe766edce38e767efc5e7e7a5fd42c37be2e13

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0xD1A76BF391A60F28\sxs\manifests\pascr.dll_0x7F65A11F762644547B289968CB0D30C4.2.manifest
MD5
73102579f0cc3777bdd0ba96bab8d6f4

SHA1
08512e731aed9cdfeebf2e8fdc24a35ea23e3477

SHA256
03c937a5aba7fd7eab8ae959606ea4598e474da06b7ec63701255e7325a9e435

SHA512
e3928e509d852ae8f62b6378f984013345ddff9f5073e77323703acf20ca44bebff1753f09e7343cd948559bcafe766edce38e767efc5e7e7a5fd42c37be2e13

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0xD1A76BF391A60F28\sxs\manifests\rawdll.pio_0x609A66C8E746C022406E232581A3495D.2.manifest
MD5
73102579f0cc3777bdd0ba96bab8d6f4

SHA1
08512e731aed9cdfeebf2e8fdc24a35ea23e3477

SHA256
03c937a5aba7fd7eab8ae959606ea4598e474da06b7ec63701255e7325a9e435

SHA512
e3928e509d852ae8f62b6378f984013345ddff9f5073e77323703acf20ca44bebff1753f09e7343cd948559bcafe766edce38e767efc5e7e7a5fd42c37be2e13

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0xD1A76BF391A60F28\sxs\manifests\winmig-28.dll_0xACCD4365D19FCB4BC9363B295B03685F.2.manifest
MD5
73102579f0cc3777bdd0ba96bab8d6f4

SHA1
08512e731aed9cdfeebf2e8fdc24a35ea23e3477

SHA256
03c937a5aba7fd7eab8ae959606ea4598e474da06b7ec63701255e7325a9e435

SHA512
e3928e509d852ae8f62b6378f984013345ddff9f5073e77323703acf20ca44bebff1753f09e7343cd948559bcafe766edce38e767efc5e7e7a5fd42c37be2e13

Download Submit
\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\modified\@PROGRAMFILES@\PanoramaStudio3Pro\PanoramaStudio3Pro.exe
MD5
c04d03093bcc03a6a7a994f3456d3281

SHA1
ad3f508085eb9039605ef2389ae0152314a521b0

SHA256
8e5065de7c38d40bc26ae65209ee4902d81db4ee693849d6cff24e62646dc507

SHA512
55cc02302564ed1d15247603aafad98fd95bb396f57e50fcd91da794523131141219558e4ee6e7e37befcd8557a28128922eefcbb0f0f070887625e54f8362a6

Download Submit
\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\modified\@PROGRAMFILES@\PanoramaStudio3Pro\Qt5CoreR.dll
MD5
69f8addb23b3462a32f1577cc907174a

SHA1
a0c4375415459f0ba9b6c105e7f93b81be040936

SHA256
a7c56a249d8a2e8fa0efae39a5f42ac3f4f7ed708e333e02560f45c317816da4

SHA512
b26ea1e7efe8682e2ca373113cfd6a50bf406a0b55ecf43d9c9dc517baddc9010d282ebcd1f8ed271ddb40cd4f210b01dd669f4d7445db1af93ade59c7785324

Download Submit
\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\modified\@PROGRAMFILES@\PanoramaStudio3Pro\Qt5GuiR.dll
MD5
e97e0e5dbf789d311c34fd50f4d275fb

SHA1
2ba4aba0ce3f4f18a93a3c3a9fe5e1b8871b8d2e

SHA256
e2af91ce3a0afa39deffefaa64c0f16a52fbcbbf7143869e1d580989217c1724

SHA512
131d7fd4ff7719576a5c5e63258316b1164489a6a806a4a1c70ca61a3a3d3a8aa66358cf9b8a24375f99b48972d0c6adad67c38904c2d60bfc5fba686788495d

Download Submit
\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\modified\@PROGRAMFILES@\PanoramaStudio3Pro\Qt5NetworkR.dll
MD5
b1a94b7bcdc8619efe714545d3ddc19c

SHA1
9db7034eba739bb21bd01ce540064593ffae079a

SHA256
141cc2132cbf985c5313690d7d7e0b382494c402cfcc79272e7e7c3981459a49

SHA512
2fabd562960ab6e61ecab88340ba376cf5e194ce817b28720c29d4854e8c1c83dc51be4a45a2ca95f81bc797e1cf01dce3aa063b46caa52f8efa34495953cd3b

Download Submit
\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\modified\@PROGRAMFILES@\PanoramaStudio3Pro\Qt5PrintSupportR.dll
MD5
99fe78b463c2da5afd8a138603354547

SHA1
bfa1a0f2aa929c153556b098ea6cfaa405f48ac0

SHA256
a8cfdea54013a66592cb1d5880a94c30b9e9441cfc598c3ac5331f955ab3f72f

SHA512
a03889959a0b4982eb63d11eedab567e01e641414f7f9256311bb713bd0336c42f83d7dfb58eef7dda72e89a0cb5c148e8201eb113d7830892edd190612d27dc

Download Submit
\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\modified\@PROGRAMFILES@\PanoramaStudio3Pro\Qt5WidgetsR.dll
MD5
a82c859df454284a794e66b11161109c

SHA1
d4e85d879bc21ad3dfa92a0f56860ce3139e653d

SHA256
090e5c07e71b07bcb8cd2e8e84dc80edd383fa10a4db7e199cef214925e51fee

SHA512
34d29f67e9bd25dcceb48e64ee1826f58025959ac5777097d294ba94f7dd8d738b18ddd58e2d8f803014640a53f940189f55e7c6aa283b35e0dd3a4408f85a44

Download Submit
\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\modified\@PROGRAMFILES@\PanoramaStudio3Pro\filters.pfx
MD5
4e88b812dd5c2271ed2037c23222f290

SHA1
ce41188641375a5ed01cf56c6a857fa4f363aad4

SHA256
3df4c049d9b6139d476874610c03e53acc3555cc4b9cc4434a79b4032dc0a6bc

SHA512
99d030545485b22f0df527ccd41e90c92cc50630e9efca356e03fab41442951679bb0552ca89e418e876ed01f9afe239932a1e9e07b15be733330eae994f560c

Download Submit
\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\modified\@PROGRAMFILES@\PanoramaStudio3Pro\io\common.pio
MD5
475d3d3da97a7efec70e8fa1aadab81b

SHA1
5b818e734e44fc5943ae024923d286ffefdb2308

SHA256
1000f89d64d67892e11fad41e19367a131aecd0ec69f9c745f4a92ed1925b454

SHA512
7f25392a02d1f9383cd08de82990789e78db7678771676289cada3f5ff7ff00f118dbb2d7c9bd1f55e536b630c1be0a0a8668b12b30a7b164c973ade2358d82d

Download Submit
\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\modified\@PROGRAMFILES@\PanoramaStudio3Pro\io\rawdll.pio
MD5
609a66c8e746c022406e232581a3495d

SHA1
3f2672fcb5646b1d111908b0aa55f502652bb6c0

SHA256
71e0dd587c213e06e11d9684ea4190b8c6396ead597709e1742ceab0606b3ad4

SHA512
75d6a0f479e3063f6721e34cc0eefc793053d8277e99b183fd139bd6d3788253c3d38307dc2425e3d1cdda9e8fd3ef07a6747053162287a589d628a4dba9b488

Download Submit
\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\modified\@PROGRAMFILES@\PanoramaStudio3Pro\msvcp140.dll
MD5
57e1c539476b9e59919baea9f5fd61e9

SHA1
9e856c8fd5ff6ec5681e28723e3d785d06095598

SHA256
ef27a68bdc1ee3d5d9a6a720b656bfb7604a8fac6aceb245a6eadc2788686d9f

SHA512
abfd8149c115c308321af9cb55c495a3b3d3cf1c8faa86e073fa42dd0c7aba9b1fb308d7bcdf8bde80a0254ffac86611bd9377e4d8bbbb638703cfbd7bee70c8

Download Submit
\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\modified\@PROGRAMFILES@\PanoramaStudio3Pro\msvcp140_1.dll
MD5
b1e240f90d57451bb16a5a6d1d61740b

SHA1
265fb57ca68ddaed1e1d80c037f294eee96c0aa1

SHA256
1f9fd98375afa97e5c97c667a5a36a03b9653e3a4c8554cebf0f256a613a68a1

SHA512
128b125d9338b938c8b716f265debe01d6a69cb5949fbf8c14857da3b3441eb1d6cc6a6b246add71e5dc7397d51cb2af20d9956e63e6a8d82bc05ae7f6e661ea

Download Submit
\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\modified\@PROGRAMFILES@\PanoramaStudio3Pro\papplet.dll
MD5
27eb2a9f0978acfbe78ca62679f640f9

SHA1
27202d104a7956aa4527ed8e3efc5e3a8cbb20fe

SHA256
d50051154f152fc92a408981a332b588cf62c8637115eb695979a6a81aa6ac2f

SHA512
06c98807d1d59948b6d63cec96f18158d457e11d63a06a95aba6ab0922438730dcf055c7971e6f5b6cff1187b90d0d15636c8ef9c2805a2d705bc5f715c6921b

Download Submit
\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\modified\@PROGRAMFILES@\PanoramaStudio3Pro\pascr.dll
MD5
7f65a11f762644547b289968cb0d30c4

SHA1
c1d87dcb305d61b8852f452e27a001330994a08d

SHA256
1f8973ef02ee62ec43b2e915d22430347f29d81a022d9e37dafdf2c61e1a7894

SHA512
6b31f8f31b4136bd844205b422c6396ca54c062619bd740868810afed3960f9a9066bcd0f614a48a38f7c8b1ef6fe5cab3d0d13520f6980c2a462c159e272b40

Download Submit
\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\modified\@PROGRAMFILES@\PanoramaStudio3Pro\platforms\qwindows.dll
MD5
d4bafb3c56b7b5f218aa1853fb57b707

SHA1
f6f4475bd396013fbb967ac8fce35df479243a29

SHA256
365bb4d4e404776cb4b905ddc6671526a1258c1aa77b581d5a7316dd767fc7c3

SHA512
88abc7c719a3a62b23b89c1722a2b5cee60e1dbd857fb80b7697d66b1fccf174d0aba437274cdfef108ea8d7f51c469f5952e54dbed1c03cdfae970a9695dc5e

Download Submit
\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\modified\@PROGRAMFILES@\PanoramaStudio3Pro\printsupport\windowsprintersupport.dll
MD5
e6c858fd22730bf63b65fb7fd57eb643

SHA1
febb9d852136e6c1a127e0fe3a0acbcd3e61b02e

SHA256
cbadadcef05cd0bbe37de18c76ebf22a2f4b4a7be8b4a73826e0d74f5ed791cd

SHA512
a4f81f7f33cdef7a3f98841b89ec2f33cf65f2fa0d046555a734c27494cb20c75b1affe9b288c1824862852db6dec2ba558b767df9feb1459ec67639d9112bcd

Download Submit
\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\modified\@PROGRAMFILES@\PanoramaStudio3Pro\styles\qwindowsvistastyle.dll
MD5
5d7878478e1e90567ebfaf4e2cb462da

SHA1
5c3e655ccf3199117c055c063b681f5c8481738e

SHA256
5e408c0b86c34e6e8ac4a223bbc7d4b4c1f40765ff2b494fab4bdf2b1322b157

SHA512
f145cbde08ca29bf6779f080a06a2d23d824a8c3b9e1af40d206952ea1bf585d673cb78e69987e330d14a41ac85176915fa62107311e9bd501cc0941895a214e

Download Submit
\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\modified\@PROGRAMFILES@\PanoramaStudio3Pro\vcomp140.dll
MD5
e0602ee84abc9f4f691c85f9e475d630

SHA1
88c834d526c346eff60c3e5a3e01696cf6926b2a

SHA256
dbdf865a31ea5c3081520a996f2e300c0ba1398935c3a05b24f7f72b2aa6a5d6

SHA512
b3ab265f5b4a35f36fc80bb5c82bd98bf9344dc3c0c530d55f29744ffcf09911edc22190b5c15f5c287b27c0b761446c280ae773d0a8f3d80b57be76226ae6be

Download Submit
\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\modified\@PROGRAMFILES@\PanoramaStudio3Pro\vcruntime140.dll
MD5
d012e07ad4f2bae1f1010fee9152f130

SHA1
a5dfb8391d80e0a3d6eb21608264bf51e9a0a39a

SHA256
97113d1b0bdff2fc3b69b2c09fe0b485b9a901e097c12a7cf616a2fcf3ba37f6

SHA512
1ce3afadec186deb3b05173eb0a84ec4e564935c60017d5d6b883fed91770142622d66a5add5b0e2c57c3c9fc958bd4247cdda8377d2af82e8ff4e4f83840fea

Download Submit
\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\modified\@PROGRAMFILES@\PanoramaStudio3Pro\vcruntime140_1.dll
MD5
834fe7d9886815faba09bd3a5a959f19

SHA1
10f3a63b8530ce758506da798f5298888715605c

SHA256
b4289a206c121bc4e036e1077860b24511c7efad8bedb7f26c65d6160ac1f48c

SHA512
a94cb45b87b07eeb2c94f6f6df8ff4c39821394b44da24d6cc50bf39255536938e0976f42ed1a3c6bdad9abd2a84bbbb37b61862c2be6a421e6687385ac08108

Download Submit
\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\modified\@PROGRAMFILES@\PanoramaStudio3Pro\winmig-28.dll
MD5
accd4365d19fcb4bc9363b295b03685f

SHA1
00b4096d77dfb55cdcb328fa74eb0528e1dbca72

SHA256
afe8acf038eba35aae1180a2614644301dcb9894e62b87a05e831450b17fcb86

SHA512
a3bba9f642587dffdf082bde99cc88a1519249ff73403ac094b142340123f0459cbd7289ce196c7f24fc27e86203b96abb6e5e503da8539807e55ac4b56e2b8c

Download Submit
\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\3.5.8.331\local\stubexe\0x17F829FBD5373F10\PanoramaStudio3Pro.exe
MD5
9c34c959a195c0d5b36ff9263bc9a978

SHA1
25170fa0b92893adde10f33a66674e56cd818386

SHA256
8362a0186116d479b1f65bc40f76bad3bfaf930e441496fdcbcb81161c204509

SHA512
6ead7bc766ab7a3829ced799d911b6f4653728676a30cfc426bb7e091417bfac3e7d52b4d92e80a1b739d002a657a786fdec1a0f50e993a1f8147b56c86f1ca2

Download Submit
\Program Files (x86)\Tobias Huellmandel Software\PanoramaStudio 3\PanoramaStudio3Pro Portable.exe
MD5
0073c379c6dbeb0524c3f9c0ff41b4a2

SHA1
939cef06d590f0eb08a1623f53e1b19e2c68fd76

SHA256
a9237af7de6d41a850627f94d1064c6246ea5d3c4cf424e080566f7c8863ead5

SHA512
71be06b0db974851c514ad5188851e58c2a22e8ad22bf9e50470dc1299597c07f8b71fe913331fc3ecc3b4e40520211c8a84933359cb841d563c4e5661c025c5

Download Submit
memory/364-61-0x000007FEFB6F1000-0x000007FEFB6F3000-memory.dmp

Filesize
8KB

Download
memory/364-60-0x0000000000B10000-0x00000000010BB000-memory.dmp

Filesize
5.7MB

Download
memory/364-57-0x0000000000000000-mapping.dmp

Download
memory/660-55-0x0000000075C51000-0x0000000075C53000-memory.dmp

Filesize
8KB

Download
memory/676-80-0x000007FEFB6F0000-0x000007FEFB8E4000-memory.dmp

Filesize
2.0MB

Download
memory/676-130-0x000007FEFBF70000-0x000007FEFBF8E000-memory.dmp

Filesize
120KB

Download
memory/676-97-0x000007FEF6480000-0x000007FEF6512000-memory.dmp

Filesize
584KB

Download
memory/676-100-0x000007FEF6480000-0x000007FEF6512000-memory.dmp

Filesize
584KB

Download
memory/676-102-0x000007FEF6480000-0x000007FEF6512000-memory.dmp

Filesize
584KB

Download
memory/676-101-0x000007FEF6480000-0x000007FEF6512000-memory.dmp

Filesize
584KB

Download
memory/676-99-0x000007FEF6480000-0x000007FEF6512000-memory.dmp

Filesize
584KB

Download
memory/676-96-0x000007FEF6480000-0x000007FEF6512000-memory.dmp

Filesize
584KB

Download
memory/676-95-0x000007FEF6480000-0x000007FEF6512000-memory.dmp

Filesize
584KB

Download
memory/676-94-0x000007FEF6480000-0x000007FEF6512000-memory.dmp

Filesize
584KB

Download
memory/676-93-0x000007FEF6480000-0x000007FEF6512000-memory.dmp

Filesize
584KB

Download
memory/676-92-0x000007FEF6480000-0x000007FEF6512000-memory.dmp

Filesize
584KB

Download
memory/676-109-0x000007FEF9910000-0x000007FEF9AE5000-memory.dmp

Filesize
1.8MB

Download
memory/676-110-0x000007FEF9B20000-0x000007FEF9B7D000-memory.dmp

Filesize
372KB

Download
memory/676-111-0x000007FEF9B20000-0x000007FEF9B7D000-memory.dmp

Filesize
372KB

Download
memory/676-112-0x000007FEF9B20000-0x000007FEF9B7D000-memory.dmp

Filesize
372KB

Download
memory/676-113-0x000007FEF9B20000-0x000007FEF9B7D000-memory.dmp

Filesize
372KB

Download
memory/676-114-0x000007FEF9B20000-0x000007FEF9B7D000-memory.dmp

Filesize
372KB

Download
memory/676-115-0x000007FEF9B20000-0x000007FEF9B7D000-memory.dmp

Filesize
372KB

Download
memory/676-117-0x000007FEF9B20000-0x000007FEF9B7D000-memory.dmp

Filesize
372KB

Download
memory/676-116-0x000007FEF9B20000-0x000007FEF9B7D000-memory.dmp

Filesize
372KB

Download
memory/676-118-0x000007FEF9910000-0x000007FEF9AE5000-memory.dmp

Filesize
1.8MB

Download
memory/676-119-0x000007FEF9910000-0x000007FEF9AE5000-memory.dmp

Filesize
1.8MB

Download
memory/676-120-0x000007FEF9910000-0x000007FEF9AE5000-memory.dmp

Filesize
1.8MB

Download
memory/676-121-0x000007FEF9910000-0x000007FEF9AE5000-memory.dmp

Filesize
1.8MB

Download
memory/676-122-0x000007FEF9910000-0x000007FEF9AE5000-memory.dmp

Filesize
1.8MB

Download
memory/676-123-0x000007FEF9910000-0x000007FEF9AE5000-memory.dmp

Filesize
1.8MB

Download
memory/676-124-0x000007FEF9910000-0x000007FEF9AE5000-memory.dmp

Filesize
1.8MB

Download
memory/676-125-0x000007FEF4D30000-0x000007FEF53CF000-memory.dmp

Filesize
6.6MB

Download
memory/676-126-0x000007FEF4D30000-0x000007FEF53CF000-memory.dmp

Filesize
6.6MB

Download
memory/676-91-0x000007FEF6480000-0x000007FEF6512000-memory.dmp

Filesize
584KB

Download
memory/676-90-0x000007FEF6480000-0x000007FEF6512000-memory.dmp

Filesize
584KB

Download
memory/676-129-0x000007FEF4570000-0x000007FEF4D29000-memory.dmp

Filesize
7.7MB

Download
memory/676-98-0x000007FEF6480000-0x000007FEF6512000-memory.dmp

Filesize
584KB

Download
memory/676-131-0x000007FEFBF70000-0x000007FEFBF8E000-memory.dmp

Filesize
120KB

Download
memory/676-132-0x000007FEFBF70000-0x000007FEFBF8E000-memory.dmp

Filesize
120KB

Download
memory/676-133-0x000007FEFBF70000-0x000007FEFBF8E000-memory.dmp

Filesize
120KB

Download
memory/676-134-0x000007FEFBF70000-0x000007FEFBF8E000-memory.dmp

Filesize
120KB

Download
memory/676-135-0x000007FEFBF70000-0x000007FEFBF8E000-memory.dmp

Filesize
120KB

Download
memory/676-136-0x000007FEFBF70000-0x000007FEFBF8E000-memory.dmp

Filesize
120KB

Download
memory/676-137-0x000007FEFBF70000-0x000007FEFBF8E000-memory.dmp

Filesize
120KB

Download
memory/676-138-0x000007FEFBF70000-0x000007FEFBF8E000-memory.dmp

Filesize
120KB

Download
memory/676-139-0x000007FEFBF70000-0x000007FEFBF8E000-memory.dmp

Filesize
120KB

Download
memory/676-140-0x000007FEFBF70000-0x000007FEFBF8E000-memory.dmp

Filesize
120KB

Download
memory/676-141-0x000007FEFBF70000-0x000007FEFBF8E000-memory.dmp

Filesize
120KB

Download
memory/676-88-0x000007FEF6480000-0x000007FEF6512000-memory.dmp

Filesize
584KB

Download
memory/676-84-0x000007FEFD050000-0x000007FEFD0E7000-memory.dmp

Filesize
604KB

Download
memory/676-85-0x000007FEFD050000-0x000007FEFD0E7000-memory.dmp

Filesize
604KB

Download
memory/676-83-0x000007FEFD050000-0x000007FEFD0E7000-memory.dmp

Filesize
604KB

Download
memory/676-82-0x000007FEFB6F0000-0x000007FEFB8E4000-memory.dmp

Filesize
2.0MB

Download
memory/676-81-0x000007FEFB6F0000-0x000007FEFB8E4000-memory.dmp

Filesize
2.0MB

Download
memory/676-79-0x000007FEFB6F0000-0x000007FEFB8E4000-memory.dmp

Filesize
2.0MB

Download
memory/676-78-0x000007FEFB6F0000-0x000007FEFB8E4000-memory.dmp

Filesize
2.0MB

Download
memory/676-77-0x000007FEFB6F0000-0x000007FEFB8E4000-memory.dmp

Filesize
2.0MB

Download
memory/676-75-0x000007FEFB6F0000-0x000007FEFB8E4000-memory.dmp

Filesize
2.0MB

Download
memory/676-359-0x0000000002BA0000-0x0000000002BB0000-memory.dmp

Filesize
64KB

Download
memory/676-76-0x000007FEFB6F0000-0x000007FEFB8E4000-memory.dmp

Filesize
2.0MB

Download
memory/676-74-0x000007FEFB6F0000-0x000007FEFB8E4000-memory.dmp

Filesize
2.0MB

Download
memory/676-73-0x000007FEFD050000-0x000007FEFD0E7000-memory.dmp

Filesize
604KB

Download
memory/676-72-0x000007FEFD050000-0x000007FEFD0E7000-memory.dmp

Filesize
604KB

Download
memory/676-71-0x000007FEFD050000-0x000007FEFD0E7000-memory.dmp

Filesize
604KB

Download
memory/676-70-0x000007FEFD050000-0x000007FEFD0E7000-memory.dmp

Filesize
604KB

Download
memory/676-69-0x000007FEFD050000-0x000007FEFD0E7000-memory.dmp

Filesize
604KB

Download
memory/676-66-0x0000000000C10000-0x00000000011BB000-memory.dmp

Filesize
5.7MB

Download
memory/676-63-0x0000000000000000-mapping.dmp

Download