2b8235f92ed8e96ccd83e8a47428642f4d0599df496dc7c2d75772c3cc9d54cc

Analysis

max time kernel
82s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
14-04-2023 05:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Hola-Browser-Setup-Inst-Agreed-C-Mmtdb2.exe
Size

1.4MB
MD5

0ae910eee527d508745f79d10762fdfb
SHA1

e40557b1cbf21942c45c0462e1b24a1a83ef9e99
SHA256

2b8235f92ed8e96ccd83e8a47428642f4d0599df496dc7c2d75772c3cc9d54cc
SHA512

7ca24844010d5be334d78dbb808b60785a1b4e507425e94c840d4bdd30f2aea8a4821e309c9ed673291d952cfae29868e73b9adc5ad436a39691720fc8b71afa
SSDEEP

24576:2nlwinUv+L8m657w6ZBLmkitKqBCjC0PDgM5A4woGHp:2nlyuVV1BCjBkJ

Score

7^/10

discovery persistence upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

7za.exeHola-Browser-Setup-Inst-Agreed-C-Mmtdb2.exenet_updater64.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	7za.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	Hola-Browser-Setup-Inst-Agreed-C-Mmtdb2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	net_updater64.exe

Executes dropped EXE 7 IoCs

Processes:

Hola-Setup-x64-1.209.559.exenet_updater64.exetest_wpf.exenet_updater64.exenet_updater64.exetest_wpf.exetest_wpf.exe

pid	process
1324	Hola-Setup-x64-1.209.559.exe
3156	net_updater64.exe
2484	test_wpf.exe
4116	net_updater64.exe
1668	net_updater64.exe
4968	test_wpf.exe
4764	test_wpf.exe

Loads dropped DLL 15 IoCs

Processes:

net_updater64.exenet_updater64.exenet_updater64.exe

pid	process
3156	net_updater64.exe
3156	net_updater64.exe
3156	net_updater64.exe
3156	net_updater64.exe
3156	net_updater64.exe
4116	net_updater64.exe
4116	net_updater64.exe
4116	net_updater64.exe
4116	net_updater64.exe
4116	net_updater64.exe
1668	net_updater64.exe
1668	net_updater64.exe
1668	net_updater64.exe
1668	net_updater64.exe
1668	net_updater64.exe

UPX packed file 10 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\Hola-Setup-x64-1.209.559.exe	upx
C:\Users\Admin\AppData\Local\Temp\Hola-Setup-x64-1.209.559.exe	upx
behavioral2/memory/1324-151-0x00007FF6AF890000-0x00007FF6B2461000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\Hola-Setup-x64-1.209.559.exe	upx
behavioral2/memory/1324-177-0x00007FF6AF890000-0x00007FF6B2461000-memory.dmp	upx
behavioral2/memory/1324-206-0x00007FF6AF890000-0x00007FF6B2461000-memory.dmp	upx
behavioral2/memory/1324-436-0x00007FF6AF890000-0x00007FF6B2461000-memory.dmp	upx
behavioral2/memory/1324-444-0x00007FF6AF890000-0x00007FF6B2461000-memory.dmp	upx
behavioral2/memory/2744-470-0x00007FF6AF890000-0x00007FF6B2461000-memory.dmp	upx
behavioral2/memory/2744-628-0x00007FF6AF890000-0x00007FF6B2461000-memory.dmp	upx

Unexpected DNS network traffic destination 4 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Processes:

description ioc

Destination IP 209.244.0.3
Destination IP 208.67.222.222
Destination IP 208.67.222.222
Destination IP 209.244.0.3

description	ioc
Destination IP	209.244.0.3
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	209.244.0.3

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

Hola-Setup-x64-1.209.559.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hola = "C:\\Program Files\\Hola\\app\\hola.exe --auto-start"	Hola-Setup-x64-1.209.559.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 8 IoCs

Processes:

net_updater64.exetest_wpf.exe

description	ioc	process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB	net_updater64.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141	net_updater64.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141	net_updater64.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_32C5FE0A4543109B82E92C22E4CDDA65	net_updater64.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_32C5FE0A4543109B82E92C22E4CDDA65	net_updater64.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\test_wpf.exe.log	test_wpf.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\BrightData	net_updater64.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB	net_updater64.exe

Drops file in Program Files directory 21 IoCs

Processes:

Hola-Setup-x64-1.209.559.exe

description	ioc	process
File created	C:\Program Files\Hola\db\setup.conf	Hola-Setup-x64-1.209.559.exe
File opened for modification	C:\Program Files\Hola\app\hola.exe	Hola-Setup-x64-1.209.559.exe
File created	C:\Program Files\Hola\app\hola_svc.exe	Hola-Setup-x64-1.209.559.exe
File opened for modification	C:\Program Files\Hola\app\hola_svc.exe	Hola-Setup-x64-1.209.559.exe
File opened for modification	C:\Program Files\Hola\app\net_updater64.exe	Hola-Setup-x64-1.209.559.exe
File opened for modification	C:\Program Files\Hola\log\install.log	Hola-Setup-x64-1.209.559.exe
File created	C:\Program Files\Hola\app\7za.exe	Hola-Setup-x64-1.209.559.exe
File created	C:\Program Files\Hola\app\lum_sdk64.dll.sdk	Hola-Setup-x64-1.209.559.exe
File opened for modification	C:\Program Files\Hola\app\lum_sdk64.dll.sdk	Hola-Setup-x64-1.209.559.exe
File created	C:\Program Files\Hola\app\image\Hola-Setup-x64-1.209.559.exe	Hola-Setup-x64-1.209.559.exe
File opened for modification	C:\Program Files\Hola\app\image\Hola-Setup-x64-1.209.559.exe	Hola-Setup-x64-1.209.559.exe
File created	C:\Program Files\Hola\app\hola_setup.exe	Hola-Setup-x64-1.209.559.exe
File created	C:\Program Files\Hola\app\hola.exe	Hola-Setup-x64-1.209.559.exe
File created	C:\Program Files\Hola\app\hola_split_tunnel.sys	Hola-Setup-x64-1.209.559.exe
File created	C:\Program Files\Hola\app\net_updater64.exe	Hola-Setup-x64-1.209.559.exe
File opened for modification	C:\Program Files\Hola\app\7za.exe	Hola-Setup-x64-1.209.559.exe
File created	C:\Program Files\Hola\app\net_updater64.exe.sdk	Hola-Setup-x64-1.209.559.exe
File opened for modification	C:\Program Files\Hola\app\net_updater64.exe.sdk	Hola-Setup-x64-1.209.559.exe
File opened for modification	C:\Program Files\Hola\app\hola_split_tunnel.sys	Hola-Setup-x64-1.209.559.exe
File created	C:\Program Files\Hola\app\lum_sdk64.dll	Hola-Setup-x64-1.209.559.exe
File opened for modification	C:\Program Files\Hola\app\lum_sdk64.dll	Hola-Setup-x64-1.209.559.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies data under HKEY_USERS 42 IoCs

Processes:

net_updater64.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	net_updater64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	net_updater64.exe

Modifies registry key 1 TTPs 20 IoCs

Modify Registry

T1112

Processes:

reg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exe

pid	process
3872	reg.exe
4468	reg.exe
3512	reg.exe
3780	reg.exe
3172	reg.exe
4200	reg.exe
4468	reg.exe
1884	reg.exe
4720	reg.exe
408	reg.exe
3568	reg.exe
4252	reg.exe
1196	reg.exe
672	reg.exe
1064	reg.exe
1108	reg.exe
216	reg.exe
1728	reg.exe
4260	reg.exe
3424	reg.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

net_updater64.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	net_updater64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	net_updater64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	net_updater64.exe

NTFS ADS 1 IoCs

Processes:

net_updater64.exe

description	ioc	process
File opened for modification	C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\lum_sdk_session_id:LUM:$DATA	net_updater64.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

Hola-Browser-Setup-Inst-Agreed-C-Mmtdb2.exeHola-Browser-Setup-Inst-Agreed-C-Mmtdb2.exeHola-Setup-x64-1.209.559.exenet_updater64.exenet_updater64.exenet_updater64.exe

pid	process
2700	Hola-Browser-Setup-Inst-Agreed-C-Mmtdb2.exe
2700	Hola-Browser-Setup-Inst-Agreed-C-Mmtdb2.exe
2700	Hola-Browser-Setup-Inst-Agreed-C-Mmtdb2.exe
2700	Hola-Browser-Setup-Inst-Agreed-C-Mmtdb2.exe
4484	Hola-Browser-Setup-Inst-Agreed-C-Mmtdb2.exe
4484	Hola-Browser-Setup-Inst-Agreed-C-Mmtdb2.exe
4484	Hola-Browser-Setup-Inst-Agreed-C-Mmtdb2.exe
4484	Hola-Browser-Setup-Inst-Agreed-C-Mmtdb2.exe
4484	Hola-Browser-Setup-Inst-Agreed-C-Mmtdb2.exe
4484	Hola-Browser-Setup-Inst-Agreed-C-Mmtdb2.exe
4484	Hola-Browser-Setup-Inst-Agreed-C-Mmtdb2.exe
2700	Hola-Browser-Setup-Inst-Agreed-C-Mmtdb2.exe
1324	Hola-Setup-x64-1.209.559.exe
1324	Hola-Setup-x64-1.209.559.exe
1324	Hola-Setup-x64-1.209.559.exe
1324	Hola-Setup-x64-1.209.559.exe
3156	net_updater64.exe
4116	net_updater64.exe
1668	net_updater64.exe
4116	net_updater64.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

Hola-Browser-Setup-Inst-Agreed-C-Mmtdb2.exeHola-Browser-Setup-Inst-Agreed-C-Mmtdb2.exenet_updater64.exenet_updater64.exenet_updater64.exe

description	pid	process
Token: SeDebugPrivilege	2700	Hola-Browser-Setup-Inst-Agreed-C-Mmtdb2.exe
Token: SeDebugPrivilege	4484	Hola-Browser-Setup-Inst-Agreed-C-Mmtdb2.exe
Token: SeDebugPrivilege	3156	net_updater64.exe
Token: SeDebugPrivilege	4116	net_updater64.exe
Token: SeDebugPrivilege	1668	net_updater64.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

Hola-Setup-x64-1.209.559.exe

pid process

1324 Hola-Setup-x64-1.209.559.exe

Suspicious use of WriteProcessMemory 18 IoCs

Processes:

Hola-Browser-Setup-Inst-Agreed-C-Mmtdb2.exeHola-Setup-x64-1.209.559.exenet_updater64.exenet_updater64.exenet_updater64.exe

description	pid	process	target process
PID 2700 wrote to memory of 4484	2700	Hola-Browser-Setup-Inst-Agreed-C-Mmtdb2.exe	Hola-Browser-Setup-Inst-Agreed-C-Mmtdb2.exe
PID 2700 wrote to memory of 4484	2700	Hola-Browser-Setup-Inst-Agreed-C-Mmtdb2.exe	Hola-Browser-Setup-Inst-Agreed-C-Mmtdb2.exe
PID 2700 wrote to memory of 4484	2700	Hola-Browser-Setup-Inst-Agreed-C-Mmtdb2.exe	Hola-Browser-Setup-Inst-Agreed-C-Mmtdb2.exe
PID 2700 wrote to memory of 1324	2700	Hola-Browser-Setup-Inst-Agreed-C-Mmtdb2.exe	Hola-Setup-x64-1.209.559.exe
PID 2700 wrote to memory of 1324	2700	Hola-Browser-Setup-Inst-Agreed-C-Mmtdb2.exe	Hola-Setup-x64-1.209.559.exe
PID 1324 wrote to memory of 3156	1324	Hola-Setup-x64-1.209.559.exe	net_updater64.exe
PID 1324 wrote to memory of 3156	1324	Hola-Setup-x64-1.209.559.exe	net_updater64.exe
PID 3156 wrote to memory of 2484	3156	net_updater64.exe	test_wpf.exe
PID 3156 wrote to memory of 2484	3156	net_updater64.exe	test_wpf.exe
PID 3156 wrote to memory of 2484	3156	net_updater64.exe	test_wpf.exe
PID 1324 wrote to memory of 1668	1324	Hola-Setup-x64-1.209.559.exe	net_updater64.exe
PID 1324 wrote to memory of 1668	1324	Hola-Setup-x64-1.209.559.exe	net_updater64.exe
PID 4116 wrote to memory of 4968	4116	net_updater64.exe	test_wpf.exe
PID 4116 wrote to memory of 4968	4116	net_updater64.exe	test_wpf.exe
PID 4116 wrote to memory of 4968	4116	net_updater64.exe	test_wpf.exe
PID 1668 wrote to memory of 4764	1668	net_updater64.exe	test_wpf.exe
PID 1668 wrote to memory of 4764	1668	net_updater64.exe	test_wpf.exe
PID 1668 wrote to memory of 4764	1668	net_updater64.exe	test_wpf.exe

C:\Users\Admin\AppData\Local\Temp\Hola-Browser-Setup-Inst-Agreed-C-Mmtdb2.exe
"C:\Users\Admin\AppData\Local\Temp\Hola-Browser-Setup-Inst-Agreed-C-Mmtdb2.exe"
1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2700

C:\Users\Admin\AppData\Local\Temp\Hola-Browser-Setup-Inst-Agreed-C-Mmtdb2.exe
"C:\Users\Admin\AppData\Local\Temp\Hola-Browser-Setup-Inst-Agreed-C-Mmtdb2.exe" --monitor 1872
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4484

C:\Users\Admin\AppData\Local\Temp\Hola-Setup-x64-1.209.559.exe
"C:\Users\Admin\AppData\Local\Temp\Hola-Setup-x64-1.209.559.exe" --silent --agree --app browser --campaign mmtdb2 --no-run-uis --no-rmt-conf --no-updater --no-hola-cr --hola-domain holavpninstaller.com
2⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1324

C:\Program Files\Hola\app\net_updater64.exe
"C:\Program Files\Hola\app\net_updater64.exe" --install win_hola.browser.hola.org --campaign mmtdb2
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3156

C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\test_wpf.exe
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\test_wpf.exe
4⤵
- Executes dropped EXE
PID:2484

C:\Program Files\Hola\app\net_updater64.exe
"C:\Program Files\Hola\app\net_updater64.exe" --uuid
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1668

C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\test_wpf.exe
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\test_wpf.exe
4⤵
- Executes dropped EXE
PID:4764

C:\Users\Admin\AppData\Local\Temp\Hola-Setup-x64-1.209.559.exe
"C:\Users\Admin\AppData\Local\Temp\Hola-Setup-x64-1.209.559.exe" --silent --agree --app browser --campaign mmtdb2 --no-run-uis --no-rmt-conf --no-updater --no-svc --hola-cr-path "C:\\Users\\Admin\\AppData\\Local\\Temp\\chromium-110.0.5481.100.11.zip" --hola-domain holavpninstaller.com
2⤵
PID:2744

C:\Program Files\Hola\app\7za.exe
"C:\Program Files\Hola\app\7za.exe" x -o"C:\Program Files\Hola\temp" "C:\\Users\\Admin\\AppData\\Local\\Temp\\chromium-110.0.5481.100.11.zip" "chromium"
3⤵
- Checks computer location settings
PID:1668

C:\Program Files\Hola\app\net_updater64.exe
"C:/Program Files/Hola/app/net_updater64.exe" --updater win_hola.browser.hola.org
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4116

C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\test_wpf.exe
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\test_wpf.exe
2⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:4968

C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\idle_report.exe
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\idle_report.exe --id 99015 --screen
2⤵
PID:4136

C:\Program Files\Hola\app\hola_svc.exe
"C:\Program Files\Hola\app\hola_svc.exe" --service
1⤵
PID:2212

C:\Windows\system32\rasdial.exe
rasdial
2⤵
PID:4768

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v hola
2⤵
- Modifies registry key
PID:1196

C:\Program Files\Hola\app\net_updater64.exe
"C:\Program Files\Hola\app\net_updater64.exe" --uuid
2⤵
PID:3444

C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\test_wpf.exe
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\test_wpf.exe
3⤵
PID:3264

C:\Program Files\Hola\app\hola_svc.exe
"C:\Program Files\Hola\app\hola_svc.exe" --report-idle
2⤵
PID:5076

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Hola /v install_ts
2⤵
- Modifies registry key
PID:1884

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Hola /v install_appid
2⤵
- Modifies registry key
PID:4720

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v hola
2⤵
- Modifies registry key
PID:4468

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Hola /v install_appid
2⤵
- Modifies registry key
PID:3424

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Hola /v install_campaign
2⤵
- Modifies registry key
PID:408

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Hola /v install_campaign
2⤵
- Modifies registry key
PID:1108

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Hola /v after_update
2⤵
- Modifies registry key
PID:3568

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Hola /v agree_sent
2⤵
- Modifies registry key
PID:216

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe ADD HKLM\Software\Hola /v agree_sent /t REG_SZ /d 1 /f
2⤵
- Modifies registry key
PID:3872

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe ADD HKLM\Software\Hola /v svc_start_history /t REG_SZ /d 1681459894486 /f
2⤵
- Modifies registry key
PID:4468

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Hola /v profiledir_hola_cr
2⤵
- Modifies registry key
PID:3512

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Hola /v profiledir_hola_cr
2⤵
- Modifies registry key
PID:3780

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Hola /v svc_start_history
2⤵
- Modifies registry key
PID:4252

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Hola /v lum_sdk_appid
2⤵
- Modifies registry key
PID:1728

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Hola /v agree_ts
2⤵
- Modifies registry key
PID:4260

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Hola /v lum_sdk_appid
2⤵
- Modifies registry key
PID:672

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Hola /v ui_last_premium
2⤵
- Modifies registry key
PID:1064

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe ADD HKLM\Software\Hola /v after_update /t REG_SZ /d 1 /f
2⤵
- Modifies registry key
PID:3172

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Hola /v uuid
2⤵
- Modifies registry key
PID:4200

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1064

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:812

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Hola\app\hola_svc.exe

Filesize
18.3MB

MD5
85145a8f4403d89173711abde440bac4

SHA1
6c939d2ea97db63348a8a522a41d368a95ccd83f

SHA256
f90fab60dfbaf1fb1dae187afe113905ee4f085ebc38b16928c0f6cfa966264c

SHA512
35a8b8a17c0c15a270f787f9cd50fc52a6a67a4d6e3d2c29404902787ac6c5abfb4c00d07e3ff2e3d96fca18d463e5b05a6047dbdda8fec34a0180b928b74974

Download Submit
C:\Program Files\Hola\app\hola_svc.exe

Filesize
18.3MB

MD5
85145a8f4403d89173711abde440bac4

SHA1
6c939d2ea97db63348a8a522a41d368a95ccd83f

SHA256
f90fab60dfbaf1fb1dae187afe113905ee4f085ebc38b16928c0f6cfa966264c

SHA512
35a8b8a17c0c15a270f787f9cd50fc52a6a67a4d6e3d2c29404902787ac6c5abfb4c00d07e3ff2e3d96fca18d463e5b05a6047dbdda8fec34a0180b928b74974

Download Submit
C:\Program Files\Hola\app\lum_sdk64.dll

Filesize
8.5MB

MD5
078f7aa1b464f6273f4c11e6661b544a

SHA1
e4ca419dfa2a98edc39b5c4e317dd63da0a2fb20

SHA256
64ab1b9a6be826186ff623616183fdf3be0cad1add937c0ea02bca4681d6908c

SHA512
a6d40a762a1b2ded24c1aed22b26df2e56bfe4367f5a0cc1ce94c640b2bb9d61e50b804d48469192295dee250e5715f08f5877ba9f80157542d4304fd5997e0d

Download Submit
C:\Program Files\Hola\app\lum_sdk64.dll

Filesize
8.5MB

MD5
078f7aa1b464f6273f4c11e6661b544a

SHA1
e4ca419dfa2a98edc39b5c4e317dd63da0a2fb20

SHA256
64ab1b9a6be826186ff623616183fdf3be0cad1add937c0ea02bca4681d6908c

SHA512
a6d40a762a1b2ded24c1aed22b26df2e56bfe4367f5a0cc1ce94c640b2bb9d61e50b804d48469192295dee250e5715f08f5877ba9f80157542d4304fd5997e0d

Download Submit
C:\Program Files\Hola\app\lum_sdk64.dll

Filesize
8.5MB

MD5
078f7aa1b464f6273f4c11e6661b544a

SHA1
e4ca419dfa2a98edc39b5c4e317dd63da0a2fb20

SHA256
64ab1b9a6be826186ff623616183fdf3be0cad1add937c0ea02bca4681d6908c

SHA512
a6d40a762a1b2ded24c1aed22b26df2e56bfe4367f5a0cc1ce94c640b2bb9d61e50b804d48469192295dee250e5715f08f5877ba9f80157542d4304fd5997e0d

Download Submit
C:\Program Files\Hola\app\lum_sdk64.dll

Filesize
8.5MB

MD5
078f7aa1b464f6273f4c11e6661b544a

SHA1
e4ca419dfa2a98edc39b5c4e317dd63da0a2fb20

SHA256
64ab1b9a6be826186ff623616183fdf3be0cad1add937c0ea02bca4681d6908c

SHA512
a6d40a762a1b2ded24c1aed22b26df2e56bfe4367f5a0cc1ce94c640b2bb9d61e50b804d48469192295dee250e5715f08f5877ba9f80157542d4304fd5997e0d

Download Submit
C:\Program Files\Hola\app\lum_sdk64.dll

Filesize
8.5MB

MD5
078f7aa1b464f6273f4c11e6661b544a

SHA1
e4ca419dfa2a98edc39b5c4e317dd63da0a2fb20

SHA256
64ab1b9a6be826186ff623616183fdf3be0cad1add937c0ea02bca4681d6908c

SHA512
a6d40a762a1b2ded24c1aed22b26df2e56bfe4367f5a0cc1ce94c640b2bb9d61e50b804d48469192295dee250e5715f08f5877ba9f80157542d4304fd5997e0d

Download Submit
C:\Program Files\Hola\app\lum_sdk64.dll

Filesize
8.5MB

MD5
078f7aa1b464f6273f4c11e6661b544a

SHA1
e4ca419dfa2a98edc39b5c4e317dd63da0a2fb20

SHA256
64ab1b9a6be826186ff623616183fdf3be0cad1add937c0ea02bca4681d6908c

SHA512
a6d40a762a1b2ded24c1aed22b26df2e56bfe4367f5a0cc1ce94c640b2bb9d61e50b804d48469192295dee250e5715f08f5877ba9f80157542d4304fd5997e0d

Download Submit
C:\Program Files\Hola\app\net_updater64.exe

Filesize
11.1MB

MD5
8e4a06c7a075a30a20774094b8bd65bf

SHA1
8b79256732b58d0a781a7a9694e4547af4cc34a5

SHA256
58c5672fbe167276c0b7f046d769e4ff7baed43997fc5be2e7b290709031cfc2

SHA512
dbc841340e18bc5e03590e1ccd508f7751bedaa26a137937fce0e95eea2409724cf621c490f7a155a2837180d028b9e4aafe76b377ba9b2d03675cd2369634a1

Download Submit
C:\Program Files\Hola\app\net_updater64.exe

Filesize
11.1MB

MD5
8e4a06c7a075a30a20774094b8bd65bf

SHA1
8b79256732b58d0a781a7a9694e4547af4cc34a5

SHA256
58c5672fbe167276c0b7f046d769e4ff7baed43997fc5be2e7b290709031cfc2

SHA512
dbc841340e18bc5e03590e1ccd508f7751bedaa26a137937fce0e95eea2409724cf621c490f7a155a2837180d028b9e4aafe76b377ba9b2d03675cd2369634a1

Download Submit
C:\Program Files\Hola\app\net_updater64.exe

Filesize
11.1MB

MD5
8e4a06c7a075a30a20774094b8bd65bf

SHA1
8b79256732b58d0a781a7a9694e4547af4cc34a5

SHA256
58c5672fbe167276c0b7f046d769e4ff7baed43997fc5be2e7b290709031cfc2

SHA512
dbc841340e18bc5e03590e1ccd508f7751bedaa26a137937fce0e95eea2409724cf621c490f7a155a2837180d028b9e4aafe76b377ba9b2d03675cd2369634a1

Download Submit
C:\Program Files\Hola\app\net_updater64.exe

Filesize
11.1MB

MD5
8e4a06c7a075a30a20774094b8bd65bf

SHA1
8b79256732b58d0a781a7a9694e4547af4cc34a5

SHA256
58c5672fbe167276c0b7f046d769e4ff7baed43997fc5be2e7b290709031cfc2

SHA512
dbc841340e18bc5e03590e1ccd508f7751bedaa26a137937fce0e95eea2409724cf621c490f7a155a2837180d028b9e4aafe76b377ba9b2d03675cd2369634a1

Download Submit
C:\Program Files\Hola\app\net_updater64.exe

Filesize
11.1MB

MD5
8e4a06c7a075a30a20774094b8bd65bf

SHA1
8b79256732b58d0a781a7a9694e4547af4cc34a5

SHA256
58c5672fbe167276c0b7f046d769e4ff7baed43997fc5be2e7b290709031cfc2

SHA512
dbc841340e18bc5e03590e1ccd508f7751bedaa26a137937fce0e95eea2409724cf621c490f7a155a2837180d028b9e4aafe76b377ba9b2d03675cd2369634a1

Download Submit
C:\Program Files\Hola\app\net_updater64.exe

Filesize
11.1MB

MD5
8e4a06c7a075a30a20774094b8bd65bf

SHA1
8b79256732b58d0a781a7a9694e4547af4cc34a5

SHA256
58c5672fbe167276c0b7f046d769e4ff7baed43997fc5be2e7b290709031cfc2

SHA512
dbc841340e18bc5e03590e1ccd508f7751bedaa26a137937fce0e95eea2409724cf621c490f7a155a2837180d028b9e4aafe76b377ba9b2d03675cd2369634a1

Download Submit
C:\Program Files\Hola\db\setup.conf

Filesize
86B

MD5
4d51e8c0c60e861b0e185f4e309852c6

SHA1
a2f0b24b91fdbd936badaaea9b3a35716cca7a15

SHA256
627a4e580a685a90b4f7fb8cf111d2926f7b608d47c76854fd426836a9b70241

SHA512
164b220071b2b89e7bc70dd4fec83e5d0966ec81db49df292842607f1446b847dca1185f191fdf9dfde49dd11a144b13de5aeb104b64faf688035f3c6183175a

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\20230414_081034_01_install_1.371.271.log

Filesize
1B

MD5
68b329da9893e34099c7d8ad5cb9c940

SHA1
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc

SHA256
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

SHA512
be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\20230414_081034_once_02_sent_cleanup_1.371.271.log

Filesize
1B

MD5
68b329da9893e34099c7d8ad5cb9c940

SHA1
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc

SHA256
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

SHA512
be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\20230414_081034_once_03_is_admin_1.371.271.log

Filesize
1B

MD5
68b329da9893e34099c7d8ad5cb9c940

SHA1
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc

SHA256
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

SHA512
be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\20230414_081106_once_06_service_install_1.371.271.log

Filesize
1B

MD5
68b329da9893e34099c7d8ad5cb9c940

SHA1
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc

SHA256
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

SHA512
be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\20230414_081120_perr_15_peer_start.jslog

Filesize
1001B

MD5
10bfa9a233a0924208153357b95a0ad8

SHA1
51ea00545ec73d5e0c643ec11d730b98b7aa24b3

SHA256
729a0002529cf374c37e2c7ef709177a6ae493dce2e30a7d72d962c151d93c4c

SHA512
7ead7bce70b73ae2fb5fc33313f2a0934bd99ad8d9e5f9426803a98847c188c2eea6c438c46c71c435f848b3fbd2f3a80e396d738ef580b6204681aacb81afdc

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\20230414_081120_perr_choice_change.jslog

Filesize
1002B

MD5
1aadd867186efc5f5ccb596def36168c

SHA1
7d733b6b5edf6906da688e525aee8f5b7b684f27

SHA256
d19b5b1baa32566424ec15d5a9b85fff4df93908086bcc4cb4ebf712bbd7db7f

SHA512
ee92132bbb6f9b4176a6471ac7ac70a0d3d321d2585bd68ba8ccc235f4f42fe3512efa570a2c0f3148b35cd40edc68087e0068966c60e8f51936b36814f6c7b4

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\brd_sdk64_clr.dll

Filesize
7.3MB

MD5
03355c8dcd9bf34cde6f8e3eb5a176b3

SHA1
b56443c9e337993580bfd527b3f7f62284bcfcac

SHA256
a39561f053601f7c2f8491ac78e9ca70150b3917f117fea0a45f6c2622a23049

SHA512
c71e1e67b15119f217df1be9c636392df830b2a509c8a45412ac5d9daf5bd2e565afbaa545a7d1d49a2b9d241942a4658a68d696525b3f71c42e7df73349646a

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\brd_sdk64_clr.dll

Filesize
7.3MB

MD5
03355c8dcd9bf34cde6f8e3eb5a176b3

SHA1
b56443c9e337993580bfd527b3f7f62284bcfcac

SHA256
a39561f053601f7c2f8491ac78e9ca70150b3917f117fea0a45f6c2622a23049

SHA512
c71e1e67b15119f217df1be9c636392df830b2a509c8a45412ac5d9daf5bd2e565afbaa545a7d1d49a2b9d241942a4658a68d696525b3f71c42e7df73349646a

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\brd_sdk64_clr.dll

Filesize
7.3MB

MD5
03355c8dcd9bf34cde6f8e3eb5a176b3

SHA1
b56443c9e337993580bfd527b3f7f62284bcfcac

SHA256
a39561f053601f7c2f8491ac78e9ca70150b3917f117fea0a45f6c2622a23049

SHA512
c71e1e67b15119f217df1be9c636392df830b2a509c8a45412ac5d9daf5bd2e565afbaa545a7d1d49a2b9d241942a4658a68d696525b3f71c42e7df73349646a

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\brd_sdk64_clr.dll

Filesize
7.3MB

MD5
03355c8dcd9bf34cde6f8e3eb5a176b3

SHA1
b56443c9e337993580bfd527b3f7f62284bcfcac

SHA256
a39561f053601f7c2f8491ac78e9ca70150b3917f117fea0a45f6c2622a23049

SHA512
c71e1e67b15119f217df1be9c636392df830b2a509c8a45412ac5d9daf5bd2e565afbaa545a7d1d49a2b9d241942a4658a68d696525b3f71c42e7df73349646a

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\brd_sdk64_clr.dll

Filesize
7.3MB

MD5
03355c8dcd9bf34cde6f8e3eb5a176b3

SHA1
b56443c9e337993580bfd527b3f7f62284bcfcac

SHA256
a39561f053601f7c2f8491ac78e9ca70150b3917f117fea0a45f6c2622a23049

SHA512
c71e1e67b15119f217df1be9c636392df830b2a509c8a45412ac5d9daf5bd2e565afbaa545a7d1d49a2b9d241942a4658a68d696525b3f71c42e7df73349646a

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\brd_sdk64_clr.dll

Filesize
7.3MB

MD5
03355c8dcd9bf34cde6f8e3eb5a176b3

SHA1
b56443c9e337993580bfd527b3f7f62284bcfcac

SHA256
a39561f053601f7c2f8491ac78e9ca70150b3917f117fea0a45f6c2622a23049

SHA512
c71e1e67b15119f217df1be9c636392df830b2a509c8a45412ac5d9daf5bd2e565afbaa545a7d1d49a2b9d241942a4658a68d696525b3f71c42e7df73349646a

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\brd_sdk64_clr.dll

Filesize
7.3MB

MD5
03355c8dcd9bf34cde6f8e3eb5a176b3

SHA1
b56443c9e337993580bfd527b3f7f62284bcfcac

SHA256
a39561f053601f7c2f8491ac78e9ca70150b3917f117fea0a45f6c2622a23049

SHA512
c71e1e67b15119f217df1be9c636392df830b2a509c8a45412ac5d9daf5bd2e565afbaa545a7d1d49a2b9d241942a4658a68d696525b3f71c42e7df73349646a

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\brd_sdk64_clr.dll

Filesize
7.3MB

MD5
03355c8dcd9bf34cde6f8e3eb5a176b3

SHA1
b56443c9e337993580bfd527b3f7f62284bcfcac

SHA256
a39561f053601f7c2f8491ac78e9ca70150b3917f117fea0a45f6c2622a23049

SHA512
c71e1e67b15119f217df1be9c636392df830b2a509c8a45412ac5d9daf5bd2e565afbaa545a7d1d49a2b9d241942a4658a68d696525b3f71c42e7df73349646a

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\brd_sdk64_clr.dll

Filesize
7.3MB

MD5
03355c8dcd9bf34cde6f8e3eb5a176b3

SHA1
b56443c9e337993580bfd527b3f7f62284bcfcac

SHA256
a39561f053601f7c2f8491ac78e9ca70150b3917f117fea0a45f6c2622a23049

SHA512
c71e1e67b15119f217df1be9c636392df830b2a509c8a45412ac5d9daf5bd2e565afbaa545a7d1d49a2b9d241942a4658a68d696525b3f71c42e7df73349646a

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\brd_sdk64_clr.dll

Filesize
7.3MB

MD5
03355c8dcd9bf34cde6f8e3eb5a176b3

SHA1
b56443c9e337993580bfd527b3f7f62284bcfcac

SHA256
a39561f053601f7c2f8491ac78e9ca70150b3917f117fea0a45f6c2622a23049

SHA512
c71e1e67b15119f217df1be9c636392df830b2a509c8a45412ac5d9daf5bd2e565afbaa545a7d1d49a2b9d241942a4658a68d696525b3f71c42e7df73349646a

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\brd_sdk64_clr.dll

Filesize
7.3MB

MD5
03355c8dcd9bf34cde6f8e3eb5a176b3

SHA1
b56443c9e337993580bfd527b3f7f62284bcfcac

SHA256
a39561f053601f7c2f8491ac78e9ca70150b3917f117fea0a45f6c2622a23049

SHA512
c71e1e67b15119f217df1be9c636392df830b2a509c8a45412ac5d9daf5bd2e565afbaa545a7d1d49a2b9d241942a4658a68d696525b3f71c42e7df73349646a

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\db\conf.json

Filesize
200B

MD5
31aa03814479e1e2c5e36b26b363b3a1

SHA1
407151bdffc70248a8e4061e0ba18ec2bbc83478

SHA256
9888370f28d96c490b01eb50d5a64848ab3a4bb48988f36b2968fe3f749bf981

SHA512
366de2d4b79bef207e91b30ddf996e09b43131ce6ef8063cc8c77e0d4ee64de0ca91048170d172d6d24cafe5223906b7364e67132bcbe5b4ed7d62c79b758770

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\db\conf.json

Filesize
634B

MD5
30cdaeec2a9c516a9e89b765ad4162c2

SHA1
ddb1e0a5e8e0d6ddb1b26fb89dc18ea7e5998c15

SHA256
0f5faccd124a052560a8321aaa5bd6929c8852ce33d0944b9b8e873eca5e8991

SHA512
c1f78357e92fbdbccacb906be89d10aab43199aa1b03c6b387e8fc70267307448af9fec2d8ca472b033094e3a5d0cd4ec0b6b46ef4272a2066e0d9e998c9e7b5

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\db\conf.json

Filesize
634B

MD5
208feacd52e55430938ebb9ced47da6f

SHA1
ce4a56d4756bed721b73065a2ce1f74188c47fea

SHA256
748b62c14cf585fa0b4e0c70501ffe5b3cd44ce53dbf8cc5481dd3789bd6f568

SHA512
f1d1ae68b1e9ed1d5c25f4b37876c1a61e52de4e8af99da3acbfe77c0a449e23973473a0e9566cd8f67191b03996006f497918233e961feb3652ade6873a15cd

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\idle_report.exe

Filesize
30KB

MD5
38b981384618c26918ab715bb01dbb9b

SHA1
1e4bcf3b732859cdf9ed490cb10258b7c8d723af

SHA256
0e0fa6fc33b28cfb0337447bf3b8f73e60c1bb9d3f8ef9acb6fd6519085ae783

SHA512
91cd1d15d624bc5c3aab19a0f9c0a748bdd673d1c0f9f8b84f2a0fbc22bc50ec58f272a1fc55528cb8f5ff2174343cc073e7b5592c6a77a525a16a531f57ed42

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\idle_report.exe

Filesize
30KB

MD5
38b981384618c26918ab715bb01dbb9b

SHA1
1e4bcf3b732859cdf9ed490cb10258b7c8d723af

SHA256
0e0fa6fc33b28cfb0337447bf3b8f73e60c1bb9d3f8ef9acb6fd6519085ae783

SHA512
91cd1d15d624bc5c3aab19a0f9c0a748bdd673d1c0f9f8b84f2a0fbc22bc50ec58f272a1fc55528cb8f5ff2174343cc073e7b5592c6a77a525a16a531f57ed42

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\idle_report.exe

Filesize
30KB

MD5
38b981384618c26918ab715bb01dbb9b

SHA1
1e4bcf3b732859cdf9ed490cb10258b7c8d723af

SHA256
0e0fa6fc33b28cfb0337447bf3b8f73e60c1bb9d3f8ef9acb6fd6519085ae783

SHA512
91cd1d15d624bc5c3aab19a0f9c0a748bdd673d1c0f9f8b84f2a0fbc22bc50ec58f272a1fc55528cb8f5ff2174343cc073e7b5592c6a77a525a16a531f57ed42

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\lum_sdk_install_id

Filesize
33B

MD5
08f9933058375cde659ce086b8ebfe32

SHA1
36335a62174a9d79e28c38117ef4c3a9b6686ae0

SHA256
502fd19a0f68047eac4c680f499e52daf00e2ec6e04a8d5445acd558203dedc9

SHA512
580dfd19be80849ad8db7b709ee41eaacf60d968473f17153fa2662d78acf11b3a2da829f7210c8dd535afaed5e41cf83f0dae7438a068b1a0c3fee3bcbff6dd

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\lum_sdk_session_id

Filesize
131B

MD5
1a243bc1dfeebce3f387bf6ac6409a8a

SHA1
6be99d7487f9d3bb20c400bcf1697019bca8db21

SHA256
da1e7dd051c1196e52b594538fce3ea1cca21547abff048edd3bdb3334ed1609

SHA512
57a062f9b5b28520b47060b9eed476020c40f5d866669d802ea5cbef06d379428fae1746b5a00015f0c8a5aa2b31012ef0f70b9bcee02758b447d1865841dee7

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\lum_sdk_session_id

Filesize
131B

MD5
5a3a6bd9b634cd21dd79ab6ae3cf7fb2

SHA1
5e88e1716a8494fdaa097899cf7e0b7ef628e231

SHA256
014351e9360e955754be117eab9cb5bceda19c25cddc8cf0cb5c8bd067caab19

SHA512
d607f89069c17bb6a12154328d0b7a975951ee44d13373f4fa550a3d08d5d22d4a40658d8e9f47d38d5326b4e95ea20f297dfd486b16c070c82dacc2b2f6284a

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\lum_sdk_session_id

Filesize
131B

MD5
5a3a6bd9b634cd21dd79ab6ae3cf7fb2

SHA1
5e88e1716a8494fdaa097899cf7e0b7ef628e231

SHA256
014351e9360e955754be117eab9cb5bceda19c25cddc8cf0cb5c8bd067caab19

SHA512
d607f89069c17bb6a12154328d0b7a975951ee44d13373f4fa550a3d08d5d22d4a40658d8e9f47d38d5326b4e95ea20f297dfd486b16c070c82dacc2b2f6284a

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\lum_sdk_session_id:LUM

Filesize
216B

MD5
f952ebd96cf570fb2ba19055670cb662

SHA1
e1548a41b29a172b325a886b303a23be25697123

SHA256
6b09b50c56b451ba8ae5dead69c2fe19c05fbd922e35eaf9125981e0722fc27e

SHA512
a579cdf79a77a692f3590620f6be0fcf7853ce36413e472e2bbfd728cfc6228238427da52b93cb2d97a2d668d66ad0a0a4c8d8f18ee17b5582c383797e32cd01

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\msvcr120.dll

Filesize
940KB

MD5
9c861c079dd81762b6c54e37597b7712

SHA1
62cb65a1d79e2c5ada0c7bfc04c18693567c90d0

SHA256
ad32240bb1de55c3f5fcac8789f583a17057f9d14914c538c2a7a5ad346b341c

SHA512
3aa770d6fba8590fdcf5d263cb2b3d2fae859e29d31ad482fbfbd700bcd602a013ac2568475999ef9fb06ae666d203d97f42181ec7344cba023a8534fb13acb7

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\msvcr120.dll

Filesize
940KB

MD5
9c861c079dd81762b6c54e37597b7712

SHA1
62cb65a1d79e2c5ada0c7bfc04c18693567c90d0

SHA256
ad32240bb1de55c3f5fcac8789f583a17057f9d14914c538c2a7a5ad346b341c

SHA512
3aa770d6fba8590fdcf5d263cb2b3d2fae859e29d31ad482fbfbd700bcd602a013ac2568475999ef9fb06ae666d203d97f42181ec7344cba023a8534fb13acb7

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\msvcr120.dll

Filesize
940KB

MD5
9c861c079dd81762b6c54e37597b7712

SHA1
62cb65a1d79e2c5ada0c7bfc04c18693567c90d0

SHA256
ad32240bb1de55c3f5fcac8789f583a17057f9d14914c538c2a7a5ad346b341c

SHA512
3aa770d6fba8590fdcf5d263cb2b3d2fae859e29d31ad482fbfbd700bcd602a013ac2568475999ef9fb06ae666d203d97f42181ec7344cba023a8534fb13acb7

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\msvcr120.dll

Filesize
940KB

MD5
9c861c079dd81762b6c54e37597b7712

SHA1
62cb65a1d79e2c5ada0c7bfc04c18693567c90d0

SHA256
ad32240bb1de55c3f5fcac8789f583a17057f9d14914c538c2a7a5ad346b341c

SHA512
3aa770d6fba8590fdcf5d263cb2b3d2fae859e29d31ad482fbfbd700bcd602a013ac2568475999ef9fb06ae666d203d97f42181ec7344cba023a8534fb13acb7

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\net_install.log

Filesize
4KB

MD5
5d3c9f8c7850a52e9c69d1170e080aef

SHA1
28422dd8248387e17d177c5004e19c181e7ba006

SHA256
9b2621babe4a742945e3c0701c449056528402cc909312449d21a9f7ce9308ab

SHA512
7826451e0664a77d803aedd5b375bffc46d3f1a5a610d54a694afb45de4f0b82e7f2836bfb45a2fb52aa937964595ac7fd0f8fc1192901207300ef466f6022f2

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\test_wpf.exe

Filesize
30KB

MD5
5949053c5038d8fcddbe9aa36a7cac28

SHA1
70b66232fb2ccc6cb9915b6806146c4c92b89670

SHA256
0cb37d80f5e6c45b9d267ded3287ffdbbb202105e7c31e124cafad45e70a43ab

SHA512
51ca091602878386b2b495f597dc55bf35495b49b6d376c433e5d0c8118243757f0b33ba735135503594623f046974b7b5a6bf57a50a4a54d5c0d570bdaab62b

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\test_wpf.exe

Filesize
30KB

MD5
5949053c5038d8fcddbe9aa36a7cac28

SHA1
70b66232fb2ccc6cb9915b6806146c4c92b89670

SHA256
0cb37d80f5e6c45b9d267ded3287ffdbbb202105e7c31e124cafad45e70a43ab

SHA512
51ca091602878386b2b495f597dc55bf35495b49b6d376c433e5d0c8118243757f0b33ba735135503594623f046974b7b5a6bf57a50a4a54d5c0d570bdaab62b

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\test_wpf.exe

Filesize
30KB

MD5
5949053c5038d8fcddbe9aa36a7cac28

SHA1
70b66232fb2ccc6cb9915b6806146c4c92b89670

SHA256
0cb37d80f5e6c45b9d267ded3287ffdbbb202105e7c31e124cafad45e70a43ab

SHA512
51ca091602878386b2b495f597dc55bf35495b49b6d376c433e5d0c8118243757f0b33ba735135503594623f046974b7b5a6bf57a50a4a54d5c0d570bdaab62b

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\test_wpf.exe

Filesize
30KB

MD5
5949053c5038d8fcddbe9aa36a7cac28

SHA1
70b66232fb2ccc6cb9915b6806146c4c92b89670

SHA256
0cb37d80f5e6c45b9d267ded3287ffdbbb202105e7c31e124cafad45e70a43ab

SHA512
51ca091602878386b2b495f597dc55bf35495b49b6d376c433e5d0c8118243757f0b33ba735135503594623f046974b7b5a6bf57a50a4a54d5c0d570bdaab62b

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\test_wpf.exe

Filesize
30KB

MD5
5949053c5038d8fcddbe9aa36a7cac28

SHA1
70b66232fb2ccc6cb9915b6806146c4c92b89670

SHA256
0cb37d80f5e6c45b9d267ded3287ffdbbb202105e7c31e124cafad45e70a43ab

SHA512
51ca091602878386b2b495f597dc55bf35495b49b6d376c433e5d0c8118243757f0b33ba735135503594623f046974b7b5a6bf57a50a4a54d5c0d570bdaab62b

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\test_wpf.exe

Filesize
30KB

MD5
5949053c5038d8fcddbe9aa36a7cac28

SHA1
70b66232fb2ccc6cb9915b6806146c4c92b89670

SHA256
0cb37d80f5e6c45b9d267ded3287ffdbbb202105e7c31e124cafad45e70a43ab

SHA512
51ca091602878386b2b495f597dc55bf35495b49b6d376c433e5d0c8118243757f0b33ba735135503594623f046974b7b5a6bf57a50a4a54d5c0d570bdaab62b

Download Submit
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\test_wpf.exe

Filesize
30KB

MD5
5949053c5038d8fcddbe9aa36a7cac28

SHA1
70b66232fb2ccc6cb9915b6806146c4c92b89670

SHA256
0cb37d80f5e6c45b9d267ded3287ffdbbb202105e7c31e124cafad45e70a43ab

SHA512
51ca091602878386b2b495f597dc55bf35495b49b6d376c433e5d0c8118243757f0b33ba735135503594623f046974b7b5a6bf57a50a4a54d5c0d570bdaab62b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
471B

MD5
e45261b9de559288a20d81e3b5e0258c

SHA1
984858a252ebdda7b213b8fec52b1c41773ccad4

SHA256
35240ca9ec5a60618431d2f1d615a0eecda88e7dc5053d3dab8a0b2709a86dc4

SHA512
1979efaa091f4ef9a8cc8a140fd2456734de5a01133be7d2a0037a1ecf1c555084f6bf6a36d26e738127311b5c03d080d7607ac2055780355871f10d1bab0541

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_32C5FE0A4543109B82E92C22E4CDDA65

Filesize
727B

MD5
d677083d1c9f698c6f1cb0d174fd4f43

SHA1
4482a6e3d292ce133c18cd6be04c7eecddbb42e8

SHA256
23753eff1929fe67751372f7830972c7fcc8036b18c0f5b72019b9f13fac97f9

SHA512
bc9be16556cbf280eb5799fe126c9c874b629a13f526607cd2372aadcb78033529952d6957655bed5bb50b854e1d431e54ba8b260bcac885e4dc94ec257afbdd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
69edc4a6d0793b296b26086c68d1e587

SHA1
c7aedf83759f9a8727a3c005c616a213ade4cfb3

SHA256
064dfd6e5199825337bb2352d67353bb73a40ec7a6f4327117d03fc66776359b

SHA512
16fe2c2a05aef91e35301a9eac593a0f6659cc276583e64e549dbf357f51e36fde22cd5a157c0118b2e782c44817917314e847d4af9294f0cb78041a06dd2ebd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
430B

MD5
e26e60d2c64c69443c8cd8ec5264351d

SHA1
fefc5f6f8f478b9647700b6b5329fb34741d4acc

SHA256
b8f07a37acdc0c6ac9f9eef811850f22f74da507573f0ac64bd98ceb6a00050c

SHA512
6875ec8f683f9aece8e8801e0cfb1b2268444511f26d5adca4e1ec232ef06b2d9c86ea2d5a8c9273676b06c726b348f6eac5fb8ef48a746b13cd6c06b6123a46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_32C5FE0A4543109B82E92C22E4CDDA65

Filesize
434B

MD5
8355f7254f7c10376aa67711ae42544f

SHA1
837b9dcb593d6a400c892af1ca158da47f7e461e

SHA256
57710037d09cc06e271c5e28d079493977ac524ca26488516713a3b5b8906b58

SHA512
c859b917d1e617f16a580c1c993e00d39ee208301e9cd4738abf1fad6c949ab35ce803378a6deaf033247095d03757fc2b202cfcfe97cb10257c4ab087dc7470

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
442B

MD5
dbf034199096ae866f0aeda67c22cbcc

SHA1
9037a60bfbae062a950fe4a6002482cb339d9828

SHA256
e1f95a3eb525a54fb373f5403fbad6c0c73187308ea23ff20d8c4ac10989623b

SHA512
bc761c3bb6911038f8362c4b33d3f17182dd5bf1a83c47fc94da208837923cfbe892e7332267fe12b923a73b4e388616313997322b41733e9d199699f45a2e03

Download Submit
C:\Users\Admin\AppData\Local\BrightData\ff7076696a3ccb792f8b6eb99968591b51f57fbc

Filesize
33B

MD5
08f9933058375cde659ce086b8ebfe32

SHA1
36335a62174a9d79e28c38117ef4c3a9b6686ae0

SHA256
502fd19a0f68047eac4c680f499e52daf00e2ec6e04a8d5445acd558203dedc9

SHA512
580dfd19be80849ad8db7b709ee41eaacf60d968473f17153fa2662d78acf11b3a2da829f7210c8dd535afaed5e41cf83f0dae7438a068b1a0c3fee3bcbff6dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\net_updater64.exe.log

Filesize
1KB

MD5
68b5dd77752ac59bfcbb4c15e4033a45

SHA1
016c811a5b754537b476ba4d13d1fcb49342b5ae

SHA256
ec15afcf451bc12246996ddd672d4759639e6b191b8f81959d495069d8e2e8df

SHA512
8a0cede7009eac165daaa5e7a6aaf7f3498d9cd821203e34854ff23e2e64a98e73332954b698e82caac7d7af40842dca9e06a8a27e8037f5defd215b615cbfaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\test_wpf.exe.log

Filesize
1KB

MD5
7fb9a58f58b0df3397af2861cf9d0170

SHA1
dffa8b0097affb4e7b365ed1f624437f20fbd488

SHA256
f8d723a27e748b291a8561e0f45da7980524413c87c60f377d1d8f85952ce0b6

SHA512
59abaddcb3f043a436be03fcef497f0412e1804f3b314e5add0a9c64bebcbe82c42e5de3d04098f899f9eadecfdff2224b807fac01650f010fea427dabf80129

Download Submit
C:\Users\Admin\AppData\Local\Temp\Hola-Setup-x64-1.209.559.exe

Filesize
8.8MB

MD5
56f37572d80a03e44f3d0f3c436855b8

SHA1
e9dafbde64a6b372cd9578e9107bc33f74a1eeda

SHA256
cf699e9345ea39efb09f2f639b35a2065e1723961189fde070780d0a97920498

SHA512
4ea45c5bb5b732f04b62b7ea06e24d227ab1b167b4accfbb9002fbd26e1c208466f3a11d1cf3a83561609f4fffccaa00f71a9d4302f4382ac93bed7a84a2d5e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Hola-Setup-x64-1.209.559.exe

Filesize
8.8MB

MD5
56f37572d80a03e44f3d0f3c436855b8

SHA1
e9dafbde64a6b372cd9578e9107bc33f74a1eeda

SHA256
cf699e9345ea39efb09f2f639b35a2065e1723961189fde070780d0a97920498

SHA512
4ea45c5bb5b732f04b62b7ea06e24d227ab1b167b4accfbb9002fbd26e1c208466f3a11d1cf3a83561609f4fffccaa00f71a9d4302f4382ac93bed7a84a2d5e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Hola-Setup-x64-1.209.559.exe

Filesize
8.8MB

MD5
56f37572d80a03e44f3d0f3c436855b8

SHA1
e9dafbde64a6b372cd9578e9107bc33f74a1eeda

SHA256
cf699e9345ea39efb09f2f639b35a2065e1723961189fde070780d0a97920498

SHA512
4ea45c5bb5b732f04b62b7ea06e24d227ab1b167b4accfbb9002fbd26e1c208466f3a11d1cf3a83561609f4fffccaa00f71a9d4302f4382ac93bed7a84a2d5e0

Download Submit
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
471B

MD5
e45261b9de559288a20d81e3b5e0258c

SHA1
984858a252ebdda7b213b8fec52b1c41773ccad4

SHA256
35240ca9ec5a60618431d2f1d615a0eecda88e7dc5053d3dab8a0b2709a86dc4

SHA512
1979efaa091f4ef9a8cc8a140fd2456734de5a01133be7d2a0037a1ecf1c555084f6bf6a36d26e738127311b5c03d080d7607ac2055780355871f10d1bab0541

Download Submit
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_32C5FE0A4543109B82E92C22E4CDDA65

Filesize
727B

MD5
d677083d1c9f698c6f1cb0d174fd4f43

SHA1
4482a6e3d292ce133c18cd6be04c7eecddbb42e8

SHA256
23753eff1929fe67751372f7830972c7fcc8036b18c0f5b72019b9f13fac97f9

SHA512
bc9be16556cbf280eb5799fe126c9c874b629a13f526607cd2372aadcb78033529952d6957655bed5bb50b854e1d431e54ba8b260bcac885e4dc94ec257afbdd

Download Submit
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
69edc4a6d0793b296b26086c68d1e587

SHA1
c7aedf83759f9a8727a3c005c616a213ade4cfb3

SHA256
064dfd6e5199825337bb2352d67353bb73a40ec7a6f4327117d03fc66776359b

SHA512
16fe2c2a05aef91e35301a9eac593a0f6659cc276583e64e549dbf357f51e36fde22cd5a157c0118b2e782c44817917314e847d4af9294f0cb78041a06dd2ebd

Download Submit
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
430B

MD5
68be6b21be68b428a78cd4612fd3206f

SHA1
c059f458bb64dcf93d0c1c35fdb49abf2b91d000

SHA256
c32b7935437502234ffa6e10d94d25d2ed8eb6059f4db711e6d37a2c33f55bc2

SHA512
db46bdfa8ad1fd18df0d103bc84c89d2b5c36b5abae168c99a5293d9817df6a0e26f4cadf3032533ca04279911eb0dc6a75dc37306225fd348102255527eefed

Download Submit
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_32C5FE0A4543109B82E92C22E4CDDA65

Filesize
434B

MD5
d63d2bb04989cbee79b3c9a4f4c96e23

SHA1
7c174431e1584ec5a7d18eb2cb7b4b71319f534e

SHA256
1671e5a032e9f16cd01c2aa2001a66903eb3196872f7b4d625c3586ecd3cb6c2

SHA512
6f792545b0c40a7b19713dfee2acc99a2187adcf442ed8629bcc8248f519ab846f1009c1404dec1ae38b58f157e7af2103473e1ca3054084a58b23a850e637ae

Download Submit
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
442B

MD5
8480574d8e93bbe793527f29ead46949

SHA1
14aebe881524003976e19fd4284f52a9ec0b9810

SHA256
2e1c56481b487d518ac24244e9aa3e623554c06187899ac74e99c20447380517

SHA512
4fd980525e55a559c38ee37b35614669c2b93b8debe74a7ea6cd757a03509c4e26331a8ac4e93dd2df199495c9377b452069a3bfedf3ce7e8222c17125efffd4

Download Submit
memory/1324-444-0x00007FF6AF890000-0x00007FF6B2461000-memory.dmp

Filesize
43.8MB

Download
memory/1324-177-0x00007FF6AF890000-0x00007FF6B2461000-memory.dmp

Filesize
43.8MB

Download
memory/1324-151-0x00007FF6AF890000-0x00007FF6B2461000-memory.dmp

Filesize
43.8MB

Download
memory/1324-206-0x00007FF6AF890000-0x00007FF6B2461000-memory.dmp

Filesize
43.8MB

Download
memory/1324-436-0x00007FF6AF890000-0x00007FF6B2461000-memory.dmp

Filesize
43.8MB

Download
memory/1668-350-0x0000015B3EE80000-0x0000015B3F941000-memory.dmp

Filesize
10.8MB

Download
memory/1668-312-0x0000015B3D160000-0x0000015B3D170000-memory.dmp

Filesize
64KB

Download
memory/1668-314-0x0000015B3D160000-0x0000015B3D170000-memory.dmp

Filesize
64KB

Download
memory/1668-404-0x0000015B3EE80000-0x0000015B3F941000-memory.dmp

Filesize
10.8MB

Download
memory/2484-210-0x0000000004B20000-0x0000000004B58000-memory.dmp

Filesize
224KB

Download
memory/2484-205-0x00000000001C0000-0x00000000001C8000-memory.dmp

Filesize
32KB

Download
memory/2484-211-0x00000000049D0000-0x00000000049DE000-memory.dmp

Filesize
56KB

Download
memory/2484-208-0x0000000004980000-0x00000000049A2000-memory.dmp

Filesize
136KB

Download
memory/2700-134-0x00000000056E0000-0x00000000056F0000-memory.dmp

Filesize
64KB

Download
memory/2700-135-0x0000000006150000-0x00000000061A6000-memory.dmp

Filesize
344KB

Download
memory/2700-133-0x0000000000CB0000-0x0000000000E18000-memory.dmp

Filesize
1.4MB

Download
memory/2700-136-0x00000000056E0000-0x00000000056F0000-memory.dmp

Filesize
64KB

Download
memory/2700-138-0x0000000006AE0000-0x0000000006B02000-memory.dmp

Filesize
136KB

Download
memory/2744-470-0x00007FF6AF890000-0x00007FF6B2461000-memory.dmp

Filesize
43.8MB

Download
memory/2744-628-0x00007FF6AF890000-0x00007FF6B2461000-memory.dmp

Filesize
43.8MB

Download
memory/3156-230-0x00000175F7620000-0x00000175F7642000-memory.dmp

Filesize
136KB

Download
memory/3156-233-0x00000175F76C0000-0x00000175F76D0000-memory.dmp

Filesize
64KB

Download
memory/3156-266-0x00000175F76D0000-0x00000175F8191000-memory.dmp

Filesize
10.8MB

Download
memory/3156-232-0x00000175F76C0000-0x00000175F76D0000-memory.dmp

Filesize
64KB

Download
memory/3156-231-0x00000175F76D0000-0x00000175F8191000-memory.dmp

Filesize
10.8MB

Download
memory/3444-478-0x000002DEE37F0000-0x000002DEE3800000-memory.dmp

Filesize
64KB

Download
memory/3444-481-0x000002DEE37F0000-0x000002DEE3800000-memory.dmp

Filesize
64KB

Download
memory/3444-483-0x000002DEE3FD0000-0x000002DEE4A91000-memory.dmp

Filesize
10.8MB

Download
memory/4116-446-0x0000019F22FD0000-0x0000019F22FE0000-memory.dmp

Filesize
64KB

Download
memory/4116-297-0x0000019F22FD0000-0x0000019F22FE0000-memory.dmp

Filesize
64KB

Download
memory/4116-299-0x0000019F22FD0000-0x0000019F22FE0000-memory.dmp

Filesize
64KB

Download
memory/4116-445-0x0000019F22FD0000-0x0000019F22FE0000-memory.dmp

Filesize
64KB

Download
memory/4116-442-0x0000019F22FE0000-0x0000019F23AA1000-memory.dmp

Filesize
10.8MB

Download
memory/4116-311-0x0000019F22FE0000-0x0000019F23AA1000-memory.dmp

Filesize
10.8MB

Download
memory/4116-622-0x0000019F22FE0000-0x0000019F23AA1000-memory.dmp

Filesize
10.8MB

Download
memory/4136-417-0x00000000053C0000-0x0000000005964000-memory.dmp

Filesize
5.6MB

Download
memory/4136-410-0x0000000004D70000-0x0000000004E02000-memory.dmp

Filesize
584KB

Download
memory/4136-409-0x00000000004D0000-0x00000000004D8000-memory.dmp

Filesize
32KB

Download
memory/4484-137-0x0000000005120000-0x0000000005130000-memory.dmp

Filesize
64KB

Download
memory/4484-153-0x0000000005120000-0x0000000005130000-memory.dmp

Filesize
64KB

Download